View Full Version : ie redirects and possible maleware prob.
Hi, am having a problem with internet explorer redirect from google and ask.com. I think there is a virus on here that I'm not aware of. here is the DDS file. Thank you J
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 20:09:29.62 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.853 [GMT -7:00]
.
AV: Personal Internet Security 2011 *Enabled/Updated* {C5710F20-D491-416C-81BD-384D5383CEFD}
FW: Personal Internet Security 2011 *Enabled*
FW: Trend Micro Client-Server Security Agent Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\2zbrmon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\debbi\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - c:\program files\retrogamer_2z\bar\1.bin\2zSrcAs.dll
uURLSearchHooks: H - No File
mURLSearchHooks: N/A: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - c:\program files\retrogamer_2z\bar\1.bin\2zSrcAs.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Assistant BHO: {6ffed9d8-942f-4384-aa29-d3bd083a346a} - c:\program files\retrogamer_2z\bar\1.bin\2zSrcAs.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Toolbar BHO: {fc1e426b-fa76-428f-b680-86ef1edb13c1} - c:\progra~1\retrog~2\bar\1.bin\2zbar.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Retrogamer: {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - c:\program files\retrogamer_2z\bar\1.bin\2zbar.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Personal Internet Security 2011] "c:\documents and settings\all users\application data\6ece77\PI6ec_2112.exe" /s /d
uRun: [0da83b50-2456-4866-a410-63f93f40654e_36] "c:\windows\system32\rundll32.exe" "c:\documents and settings\all users\application data\0da83b50-2456-4866-a410-63f93f40654e_36.avi", DllUnregisterServer
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Retrogamer_2z Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\2zbrmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
IE: &Search - http://tbedits.retrogamer.com/one-toolbaredits/menusearch.jhtml?s=100000494&p=RGxdm170YYus&si=1264000007FV5&a=ABA76228-9EFE-4526-87B6-83BC053993C3&n=2011041723
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://tuserver:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setup.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://tuserver:4343/SMB/console/html/root/AtxEnc.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {5A95F53F-077D-4801-856B-F7218C0CA92B} = 66.174.92.14 66.174.95.44
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2006-9-6 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2006-9-6 36368]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S2 mrtRate;mrtRate; [x]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
S4 OfcPfwSvc;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\OfcPfwSvc.exe [2006-11-10 278608]
S4 Retrogamer_2zService;Retrogamer Service;c:\progra~1\retrog~2\bar\1.bin\2zbarsvc.exe [2011-4-17 36864]
.
=============== Created Last 30 ================
.
2011-04-28 01:02:54 -------- d-----w- c:\docume~1\debbi\applic~1\simppulltoolbar
2011-04-24 09:56:03 192512 --sha-w- c:\windows\system32\fc10a.dll
2011-04-24 08:06:36 -------- d-----w- c:\docume~1\debbi\applic~1\bsbandmltbpi
2011-04-24 08:00:07 -------- d-----w- c:\docume~1\debbi\applic~1\mediabarbs
2011-04-24 08:00:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\52DE
2011-04-24 07:59:50 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\BearShare
2011-04-24 07:59:01 -------- d-----w- c:\program files\BearShare Applications
2011-04-24 07:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fighters
2011-04-24 07:30:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2011-04-24 07:12:12 -------- d-----w- c:\program files\W3i, LLC
2011-04-24 05:27:46 -------- d-----w- c:\docume~1\debbi\applic~1\com.w3i.plyt
2011-04-24 05:27:34 -------- d-----w- c:\program files\Playalot Games
2011-04-24 04:34:12 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\PackageAware
2011-04-24 04:33:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-24 04:32:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-04-24 04:32:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-04-24 04:26:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
2011-04-24 04:25:59 -------- d-----w- c:\program files\simppulltoolbar
2011-04-24 04:04:12 -------- d-----w- c:\docume~1\debbi\applic~1\ooVoo Details
2011-04-24 04:00:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-04-24 04:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\WeCareReminder
2011-04-24 03:59:14 -------- d-----w- c:\program files\Yahoo!
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\debbi\applic~1\iComment
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\iComment
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Sammsoft
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Rubar-Toolbar
2011-04-18 03:52:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\GameTap Web Player
2011-04-18 03:51:58 819200 ----a-w- c:\windows\system32\GameTapWebPlayer_4_4_0_7.ocx
2011-04-18 03:49:47 -------- d-----w- c:\program files\Retrogamer_2z
2011-04-18 03:48:59 -------- d-----w- c:\program files\Retrogamer_2zEI
2011-04-10 04:08:46 -------- d-----w- c:\program files\The Weather Channel FW
2011-04-10 04:08:31 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\The Weather Channel
.
==================== Find3M ====================
.
2011-03-12 03:40:50 2637824 --sha-w- c:\docume~1\alluse~1\applic~1\0da83b50-2456-4866-a410-63f93f40654e_36.avi
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 20:15:33.28 ===============
Jack&Jill
2011-05-03, 16:24
Hello and welcome to Safer Networking.
I am currently assessing your situation and will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.
Please be patient with me during this time.
Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Thank you so much for your help! I am patiently waiting. I understand that it might take awhile to go thru all the code. Thanks again. I appreciate all you do!:rolleyes:
Jhawke
Jack&Jill
2011-05-07, 08:03
Hello jhawke :),
Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.
Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.
Please observe and follow these Forum Rules (http://www.malwareremoval.com/rules.php) and ALL USERS OF THIS FORUM MUST READ THIS FIRST (http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=47959).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.
--------------------
Your logs strongly suggest that your computer is used for business or corporate purposes.
Please read this fifth post (http://forums.spybot.info/showpost.php?p=25712&postcount=5) of the Forum Rules and note the following:
Inform you IT department immediately when any workplace computers have been infected. There could be more than one machine at stake, possibly even the server.
I am unable to proceed further with the fixes due to our policy in dealings with corporate or business computers. The intention of this forum is not to replace a company's IT department.
We are also not willing to be held liable if any sensitive material has been compromised, be it caused by the infections or during the malware removal process. We are only helping out to get rid of malwares from computers, no other intentions or purposes.
It would be advisable to refer to your IT department to have the computer fixed, or you may directly go the local computer shops if it is a personal business.
Thank you for your understanding.
"Your logs strongly suggest that your computer is used for business or corporate purposes."
Please be assured that at one time this was a company computer. The company went out of business and we were able to get this computer. We have not cleaned the company information off of this computer, but it is now used solely in my home, and not hooked up to any network. it is a stand-alone computer now. It is used solely for surfing the web, gaming, and school, and not used in any way for company, There is still some company documents on this computer, but i am working on getting them off of the computer.
Please help, again, this is strictly a home computer now.
Thank you
Jhawke
Jack&Jill
2011-05-11, 10:11
Hello jhawke :),
I thought about it a while and I am willing to continue to help provided that you uninstall all the programs related to the business.
When you are done, please rerun DDS and post back the Attach.txt.
thank you, it might take me a few days to get this done, please be patient with me. thank you
Jack&Jill
2011-05-13, 18:31
Hello jhawke :),
Since this is going to take a few days, please post back DDS.txt as well.
Hi,
I believe I was albe to get all the business programs and such deleted off the hard drive. I am not sure if got all the directs to tuserver off. I did run a scan disk, and defrag.
I ran spybot search & destroy. It found fraud.windowsprotectionsuite and microsoftwindows.redirecthosts, and could not fix those 18 errors.
Also when I try and do a ctrl+alt+delete, there is no response.
The computer will not allow me to have automatic updates from microsoft: it keeps giving me error message 0x80070424, I never could figure out what that error was.
Thanking you again for your help!
Here is the dds.txt and the attach.zip
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 22:54:38.59 on Sun 05/15/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1079 [GMT -7:00]
.
AV: Personal Internet Security 2011 *Enabled/Updated* {C5710F20-D491-416C-81BD-384D5383CEFD}
FW: Personal Internet Security 2011 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pogo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No File
uRun: [Personal Internet Security 2011] "c:\documents and settings\all users\application data\6ece77\PI6ec_2112.exe" /s /d
uRun: [0da83b50-2456-4866-a410-63f93f40654e_36] "c:\windows\system32\rundll32.exe" "c:\documents and settings\all users\application data\0da83b50-2456-4866-a410-63f93f40654e_36.avi", DllUnregisterServer
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
IE: &Search - http://tbedits.retrogamer.com/one-toolbaredits/menusearch.jhtml?s=100000494&p=RGxdm170YYus&si=1264000007FV5&a=ABA76228-9EFE-4526-87B6-83BC053993C3&n=2011041723
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://tuserver:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setup.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
2011-04-28 01:02:54 -------- d-----w- c:\docume~1\debbi\applic~1\simppulltoolbar
2011-04-24 09:56:03 192512 --sha-w- c:\windows\system32\fc10a.dll
2011-04-24 08:06:36 -------- d-----w- c:\docume~1\debbi\applic~1\bsbandmltbpi
2011-04-24 08:00:07 -------- d-----w- c:\docume~1\debbi\applic~1\mediabarbs
2011-04-24 08:00:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\52DE
2011-04-24 07:59:50 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\BearShare
2011-04-24 07:59:01 -------- d-----w- c:\program files\BearShare Applications
2011-04-24 07:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fighters
2011-04-24 07:30:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2011-04-24 05:27:46 -------- d-----w- c:\docume~1\debbi\applic~1\com.w3i.plyt
2011-04-24 04:34:12 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\PackageAware
2011-04-24 04:33:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-24 04:32:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-04-24 04:32:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-04-24 04:26:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
2011-04-24 04:25:59 -------- d-----w- c:\program files\simppulltoolbar
2011-04-24 04:04:12 -------- d-----w- c:\docume~1\debbi\applic~1\ooVoo Details
2011-04-24 04:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\WeCareReminder
2011-04-24 03:59:14 -------- d-----w- c:\program files\Yahoo!
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\debbi\applic~1\iComment
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\iComment
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Sammsoft
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Rubar-Toolbar
2011-04-18 03:52:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\GameTap Web Player
2011-04-18 03:51:58 819200 ----a-w- c:\windows\system32\GameTapWebPlayer_4_4_0_7.ocx
.
==================== Find3M ====================
.
2011-03-12 03:40:50 2637824 --sha-w- c:\docume~1\alluse~1\applic~1\0da83b50-2456-4866-a410-63f93f40654e_36.avi
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 22:55:20.87 ===============
Jack&Jill
2011-05-16, 18:26
Hello jhawke :),
How about the following programs? These do not fit my description of personal computer programs and are still on the installed programs list.
ACH Origination Application
Itibiti RTC
Microsoft Office 2000 Small Business
Sage BusinessWorks
Sage Components
VZAccess Manager
Here we go again :-)
I believe i removed ACH Origination Application
I don't know what Itibiti RTC is and couldn't find it to remove it
Microsoft Office 2000 Small Business I bought myself and have the licensing, I just like the features and am teaching myself the different programs, and it comes in handy for school. but if you want me to remove it, I will, I can always reinstall it.
Sage BusinessWorks should be removed, I thought I did...help???
Sage Components should be removed, thought I did....help???
VZAccess Manager is my verizon dsl connection manager and was installed after i got the computer, it is when i plug in my little usb hub thing to get connected.
here is another dds & attach.
Thanks again!
JHawke
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 21:15:08.79 on Tue 05/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1149 [GMT -7:00]
.
AV: Personal Internet Security 2011 *Enabled/Updated* {C5710F20-D491-416C-81BD-384D5383CEFD}
FW: Personal Internet Security 2011 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pogo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No File
uRun: [Personal Internet Security 2011] "c:\documents and settings\all users\application data\6ece77\PI6ec_2112.exe" /s /d
uRun: [0da83b50-2456-4866-a410-63f93f40654e_36] "c:\windows\system32\rundll32.exe" "c:\documents and settings\all users\application data\0da83b50-2456-4866-a410-63f93f40654e_36.avi", DllUnregisterServer
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
IE: &Search - http://tbedits.retrogamer.com/one-toolbaredits/menusearch.jhtml?s=100000494&p=RGxdm170YYus&si=1264000007FV5&a=ABA76228-9EFE-4526-87B6-83BC053993C3&n=2011041723
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://tuserver:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setup.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
2011-04-28 01:02:54 -------- d-----w- c:\docume~1\debbi\applic~1\simppulltoolbar
2011-04-24 09:56:03 192512 --sha-w- c:\windows\system32\fc10a.dll
2011-04-24 08:06:36 -------- d-----w- c:\docume~1\debbi\applic~1\bsbandmltbpi
2011-04-24 08:00:07 -------- d-----w- c:\docume~1\debbi\applic~1\mediabarbs
2011-04-24 08:00:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\52DE
2011-04-24 07:59:50 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\BearShare
2011-04-24 07:59:01 -------- d-----w- c:\program files\BearShare Applications
2011-04-24 07:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fighters
2011-04-24 05:27:46 -------- d-----w- c:\docume~1\debbi\applic~1\com.w3i.plyt
2011-04-24 04:34:12 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\PackageAware
2011-04-24 04:33:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-24 04:26:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
2011-04-24 04:25:59 -------- d-----w- c:\program files\simppulltoolbar
2011-04-24 04:04:12 -------- d-----w- c:\docume~1\debbi\applic~1\ooVoo Details
2011-04-24 04:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\WeCareReminder
2011-04-24 03:59:14 -------- d-----w- c:\program files\Yahoo!
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\debbi\applic~1\iComment
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\iComment
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Sammsoft
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Rubar-Toolbar
.
==================== Find3M ====================
.
2011-03-12 03:40:50 2637824 --sha-w- c:\docume~1\alluse~1\applic~1\0da83b50-2456-4866-a410-63f93f40654e_36.avi
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 21:15:40.40 ===============
Jack&Jill
2011-05-18, 18:54
Hello jhawke :),
You may keep Microsoft Office 2000 Small Business. We will come back for the rest of the programs in a while.
Lets begin with uninstalling Spybot, then proceed with the following steps.
--------------------
Please download RegQuery© by Noviciate and save it to your desktop. Click here. (http://rathat.geekstogo.com/Applications/RegQuery.exe)
Double click on RegQuery.exe to run the program.
Copy and paste the following text into the white box:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options
Click the Query button. A Notepad file will open, please save it to a convenient location and post the contents of the report in your reply.
Click Exit to close the program.
--------------------
Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here. (http://www.malwarebytes.org/mbam-download.php)
Run MBAM
Double click on mbam-setup.exe and follow the prompts to install the program.
At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as it is and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.
--------------------
Please post back:
1. the RegQuery result
2. MBAM report
Hi Jack&Jill :alien:
Here are the reports requested
1. the RegQuery result
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aAvgApi.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AAWTray.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\About.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ackwin32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ad-Aware.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adaware.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\advxdwin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AdwarePrj.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentsvr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alevir.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alogserv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AlphaAV]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AlphaAV.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AluSchedulerSvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon9x.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti-trojan.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Anti-Virus Professional.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntispywarXP2009.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirus.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPlus]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPlus.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPro_2010.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirusxppro2009.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiVirus_Pro.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ants.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apimonitor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aplica32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apvxdwin.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Arrakis3.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashAvast.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashBug.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashChest.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashCnsnt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSimp2.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSimpl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPck.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswChLic.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRunDll.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atcon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atguard.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atro55en.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atupdater.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atwatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\au.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aupdate.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto-protect.nav80try.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autodown.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autotrace.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoupdate.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\av360.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avadmin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVCare.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcenter.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avciman.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconfig.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconsol.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ave32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.EXE]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgchk.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcmgr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcsrvx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgctrl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgdumpx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgiproxy.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnsx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscanx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv9.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgsrmax.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgtray.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgwdsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkserv.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltmain.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmcdlg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avnotify.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avnt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpcc.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpdos32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpm.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avptc32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpupd.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsched32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avupgsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWEBGRD.EXE]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwin95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwinnt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwsc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupd32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupsrv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitor9x.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitornt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxquar.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\b.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\backweb.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bargains.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdagent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdfvcl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdfvwiz.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDInProcPatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDMsnScan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdreinit.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdtkexec.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdwizreg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bd_professional.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\beagle.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\belt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidef.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidserver.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcpevalsetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bisp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blackd.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blackice.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blink.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blss.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootconf.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootwarn.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\borg2.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bpc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brasil.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brastk.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bs120.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bspatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bundle.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bvt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\c.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccapp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccevtmgr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccpxysvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cdp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgwiz.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfiadmin.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfiaudit.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfinet.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfinet32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpconfg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfplogvw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95cf.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clean.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleaner.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleaner3.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleanIELow.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleanpc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\click.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmd32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmesys.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmgrdian.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmon016.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\connectionmonitor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\control]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpf9x206.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpfnt206.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,90,04,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,07,00,0b,00,00,00,00,\
00,07,00,0b,00,00,00,3f,00,00,00,02,00,00,00,04,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,44,00,00,00,01,00,56,00,61,00,72,00,46,00,69,\
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
04,e4,04,f0,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,cc,03,00,00,01,00,30,00,34,00,30,\
00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,19,00,01,00,43,00,6f,00,6d,00,\
6d,00,65,00,6e,00,74,00,73,00,00,00,43,00,72,00,79,00,73,00,74,00,61,00,6c,\
00,20,00,53,00,51,00,4c,00,20,00,44,00,65,00,73,00,69,00,67,00,6e,00,65,00,\
72,00,20,00,37,00,2e,00,30,00,00,00,00,00,88,00,34,00,01,00,43,00,6f,00,6d,\
00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,65,00,\
61,00,67,00,61,00,74,00,65,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,66,00,6f,00,72,00,6d,00,61,00,74,00,69,00,6f,00,\
6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,20,\
00,47,00,72,00,6f,00,75,00,70,00,2c,00,20,00,49,00,6e,00,63,00,2e,00,00,00,\
ae,00,45,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,\
00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
68,00,74,00,20,00,28,00,63,00,29,00,20,00,31,00,39,00,39,00,31,00,2d,00,31,\
00,39,00,39,00,10,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\crashrep.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\csc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cssconfg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cssupdat.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cssurf.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctrl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwnb181.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwntdwmo.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\d.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\datemanager.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dcomx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defwatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\deloeminfs.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\deputy.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllcache.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllreg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\doors.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dop.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpf.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpfsetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpps2.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\driverctrl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwatson.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebupw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dssagent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dvp95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dvp95_0.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ecengine.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\efpeadm.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ekrn.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\emsw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\esafe.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanhnt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanv95.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ethereal.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\etrustcipe.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\evpn.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exantivirus-cnet.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exe.avxw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\expert.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explore.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-agnt95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-prot.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-prot95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-stopw.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fact.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fast.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findviru.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firewall.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fixcfg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fixfp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp-win.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp-win_trial.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fprot.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frmwrk32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
"ApplicationGoo"=hex:54,09,00,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,a8,11,2e,04,00,00,02,\
00,a8,11,2e,04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,\
01,00,30,00,30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,\
67,00,6e,00,61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,\
00,42,00,11,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,\
6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,\
00,61,00,6c,00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,\
46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,\
74,00,65,00,6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,\
00,6f,00,77,00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,\
56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,32,00,30,\
00,2e,00,32,00,2e,00,30,00,2e,00,31,00,30,00,37,00,30,00,00,00,32,00,09,00,\
01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,\
00,00,00,46,00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,\
2b,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,\
00,67,00,68,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,23,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,00,53,00,5f,\
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
00,00,00,00,bd,04,ef,fe,00,00,01,00,03,00,9e,11,26,04,00,00,03,00,9e,11,26,\
04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,01,00,30,00,\
30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,00,43,00,6f,\
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,67,00,6e,00,\
61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,42,00,11,\
00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,\
00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,00,61,00,6c,\
00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,\
6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,\
00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,\
6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,\
72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,31,00,30,00,2e,00,33,\
00,2e,00,30,00,2e,00,31,00,30,00,36,00,32,00,00,00,32,00,09,00,01,00,49,00,\
6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,\
00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,2b,00,01,00,\
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,\
00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
23,00,54,02,00,00,00,02,00,00,20,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
bd,04,ef,fe,00,00,01,00,00,00,04,00,f0,03,00,00,00,00,04,00,f0,03,00,00,3f,\
00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,7e,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
00,65,00,49,00,6e,00,66,00,6f,00,00,00,5a,02,00,00,01,00,30,00,34,00,30,00,\
39,00,30,00,34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,\
00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,\
20,00,41,00,47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,\
00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,\
53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,\
00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,\
00,00,36,00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,\
00,6f,00,6e,00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,31,00,30,00,\
30,00,38,00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,\
00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,\
00,00,5e,00,1d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,\
00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,\
00,39,00,37,00,20,00,53,00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,\
00,00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,02,00,00,\
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,\
65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,\
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00,54,02,\
00,00,00,02,00,00,18,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,00,52,00,53,\
00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,bd,04,ef,fe,\
00,00,01,00,00,00,04,00,dd,03,00,00,00,00,04,00,dd,03,00,00,3f,00,00,00,00,\
00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,02,\
00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,00,65,00,49,\
00,6e,00,66,00,6f,00,00,00,54,02,00,00,01,00,30,00,34,00,30,00,39,00,30,00,\
34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,\
00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,\
47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,\
00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,53,00,41,00,\
50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,00,66,00,6f,\
00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,00,00,34,00,\
0a,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,\
00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,39,00,38,00,39,00,00,00,\
2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,\
00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,00,00,5e,00,1d,00,01,00,\
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,\
a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,00,39,00,37,00,20,00,53,\
00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,00,00,01,00,4c,00,65,00,\
67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,02,00,00,00,00,00,00,\
00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,65,05,00,00,\
02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00
1. the RegQuery result continued
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frw.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530stbyb.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530wtbyb.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav95.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gator.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gav.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbn976rl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbpoll.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\generics.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gmt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guard.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guarddog.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardgui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hacktracersetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbinst.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbsrv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\History.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\homeav2010.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotactio.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotpatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htlog.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htpatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hwpe.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxdl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxiul.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamapp.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamserv.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamstats.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ibmasn.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ibmavsp.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icload95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icloadnt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmon.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icsupp95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icsuppnt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idle.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedll.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedriver.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iface.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ifw2000.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\inetlnfo.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infus.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infwin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\init.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\init32.exe ]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,6c,07,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,cc,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9c,\
00,3c,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,02,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
34,00,00,00,23,00
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[1].exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[2].exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[3].exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[4].exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[5].exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intdel.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intren.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iomon98.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\istsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jammer.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jdbgmrg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jedi.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\JsRcGen.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavlite40eng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpers40eng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpf.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kazza.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\keenvalue.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-pf-213-en-win.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrl-421-en-win.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrp-421-en-win.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killprocesssetup161.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldnetmon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpro.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpromenu.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\livesrv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lnetinfo.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loader.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\localnet.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown2000.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lookout.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lordpe.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luall.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luau.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luinit.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luspt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MalwareRemoval.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mapisvc32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcagent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmscsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcnasvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcproxy.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\McSACore.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcshell.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcshield.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcsysmon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mctool.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdate.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsrte.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsshld.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\md.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfin32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfw2en.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfweng3.02d30.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrtcl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrte.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mghtml.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\minilog.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmod.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,44,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,01,00,01,00,0c,00,00,00,01,\
00,01,00,0c,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,44,00,00,00,00,00,56,00,61,00,72,00,46,00,69,\
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
04,b0,04,a4,01,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,80,01,00,00,01,00,30,00,34,00,30,\
00,39,00,30,00,34,00,42,00,30,00,00,00,40,00,20,00,01,00,43,00,6f,00,6d,00,\
70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,44,00,65,00,4c,\
00,6f,00,72,00,6d,00,65,00,20,00,4d,00,61,00,70,00,70,00,69,00,6e,00,67,00,\
00,00,44,00,22,00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,4e,00,61,\
00,6d,00,65,00,00,00,00,00,52,00,65,00,67,00,20,00,28,00,44,00,4c,00,69,00,\
62,00,62,00,79,00,5c,00,6d,00,73,00,66,00,29,00,00,00,00,00,34,00,14,00,01,\
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,00,00,00,38,00,14,\
00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,56,00,65,00,72,00,73,00,\
69,00,6f,00,6e,00,00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,\
00,00,00,34,00,12,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,\
4e,00,61,00,6d,00,65,00,00,00,4d,00,4e,00,47,00,52,00,45,00,47,00,33,00,32,\
00,00,00,00,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,23,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\monitor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\moolive.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mostat.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfagent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfservice.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSrv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpftray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mrflux.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mrt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msa.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msapp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSASCui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msbb.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msblast.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscache.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msccn32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscman.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdm.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfwsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msiexec16.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mslaugh.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmgt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MsMpEng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgri32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msseces.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssmmc32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssys.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvxd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mu0311ad.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mwatch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scanw.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nav.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navap.navapsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapsvc.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navdx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navlu32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navnt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navstub.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navwnt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nc2000.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ncinst4.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neomonitor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neowatchlog.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netarmor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netd32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netinfo.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netmon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netscanpro.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netspyhunter-1.2.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisum.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nmain.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\normist.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\norton_internet_secu_3.0_407.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npf40_tw_98_nt_me_2k.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfmessenger.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nprotect.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nssys32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nstask32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsupdate.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntvdm.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntxconfig.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nupgrade.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvarch16.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvc95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwinst4.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwservice.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwtool16.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OAcat.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OAhlp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OAReg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\oasrv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\oaui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\oaview.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OcHealthMon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ODSW.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ollydbg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OLT.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\onsrvr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\optimize.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ostronet.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\otfix.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostinstall.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostproinstall.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ozn695m5.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\panixk.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\patch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavcl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavFnSvr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavsched.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavsrv51.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavw.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin98.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcfwallicon.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcip10117_0.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsGui.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PC_Antispyware2010.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdfndr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdsetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PerAvir.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\periscope.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\persfw.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\personalguard]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\personalguard.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perswf.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pf2.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwadmin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pgmonitr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
"GlobalFlag"="0x00200000"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pingscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\platin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pop3trap.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\poproxy.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\popscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portdetective.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portmonitor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\powerscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppinupdt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pptbc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppvstop.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
"GlobalFlag"="0x00200000"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prizesurfer.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmvr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procdump.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\processmonitor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexplorerv1.0.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\programauditor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\proport.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\protector.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\protectx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSANCU.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSANHost.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSANToManager.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PsCtrls.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,b4,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,35,00,07,00,00,00,00,00,35,\
00,07,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,12,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,ee,01,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,42,00,11,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
00,49,00,6e,00,63,00,2e,00,00,00,00,00,28,00,00,00,01,00,46,00,69,00,6c,00,\
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
00,00,00,2a,00,05,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,\
69,00,6f,00,6e,00,00,00,00,00,37,00,2e,00,35,00,33,00,00,00,00,00,9c,00,3c,\
00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,\
00,20,00,a9,00,20,00,31,00,39,00,38,00,38,00,2d,00,31,00,39,00,39,00,38,00,\
20,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
00,49,00,6e,00,63,00,2e,00,20,00,20,00,41,00,6c,00,6c,00,20,00,52,00,69,00,\
67,00,68,00,74,00,73,00,20,00,52,00,65,00,73,00,65,00,72,00,76,00,65,00,64,\
00,00,00,3c,00,0a,00,01,00,4f,00,72,00,69,00,67,00,69,00,6e,00,61,00,6c,00,\
46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,00,00,70,00,73,00,64,00,6d,\
00,74,00,2e,00,10,00,00,00,00,00,00,00
1. the RegQuery result continued
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PsImSvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PskSvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pspf.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSUNMain.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\purge.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qconsole.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qh.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qserver.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Quick Heal.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QuickHealCleaner.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav7.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav7win.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav8win32eng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ray.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rb32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcsync.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\realmon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reged.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rrguard.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rscdwld.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rshell.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscn95.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rulaunch.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rwg]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rwg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SafetyKeeper.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeweb.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sahagent.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Save.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveArmor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveDefense.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveKeep.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\savenow.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scam32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scanpm.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scrscan.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\seccenter.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Secure Veteran.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\secureveteran.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Security Center.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SecurityFighter.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\securitysoldier.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\serv95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setloadorder.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
"ApplicationGoo"=hex:00,07,00,00,54,02,00,00,00,02,00,00,84,07,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,e4,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,60,03,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9e,\
00,3d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,24,00,54,02,00,00,00,02,00,00,a4,08,34,00,00,00,56,00,53,00,5f,\
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,\
00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,04,08,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,f0,03,00,00,01,00,30,00,\
34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,\
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,\
6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,\
00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,\
6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,\
00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,\
6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,\
00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,\
76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,\
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,\
00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,\
61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,a6,00,41,00,01,\
00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,\
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,\
00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
24,00,54,02,00,00,00,02,00,00,18,04,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,00,a8,07,3f,\
00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,78,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,01,00,30,00,34,00,30,00,\
39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,00,6d,00,6d,\
00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,6d,00,70,00,\
61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,00,63,00,72,\
00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,00,\
61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,00,6c,00,65,\
00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,\
00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,45,00,78,\
00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,65,00,\
72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,00,46,00,69,\
00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,35,00,\
2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,00,2c,00,06,\
00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,\
65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9a,00,3b,00,01,00,4c,00,65,\
00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,\
00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,02,00,00,\
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,00,00,00,00,\
65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,00,76,00,69,\
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,24,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,04,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,1c,00,08,00,00,00,00,00,00,\
00,08,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,64,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,40,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,44,00,12,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,13,00,01,00,46,00,69,00,6c,00,\
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
00,00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,\
20,00,57,00,69,00,7a,00,61,00,72,00,64,00,00,00,00,00,2c,00,06,00,01,00,46,\
00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,\
38,00,2e,00,30,00,32,00,38,00,00,00,46,00,13,00,01,00,49,00,6e,00,74,00,65,\
00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,43,00,6f,00,72,00,\
65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,20,00,57,00,69,00,7a,00,61,\
00,72,00,64,00,00,00,00,00,6c,00,24,00,01,00,4c,00,65,00,67,00,61,00,6c,00,\
43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,\
00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,\
37,00,2c,00,20,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,\
00,6f,00,72,00,08,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setupvameeval.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup_flowprotector_us.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,38,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,0a,00,01,00,0a,00,02,\
00,0a,00,01,00,0a,00,00,00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,98,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,74,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,15,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43,00,6f,00,72,\
00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,60,00,1c,00,\
01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,\
00,69,00,6f,00,6e,00,00,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,\
63,00,20,00,53,00,79,00,6d,00,65,00,76,00,65,00,6e,00,74,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,34,00,0a,00,01,00,46,00,\
69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,\
00,30,00,2e,00,32,00,2e,00,31,00,30,00,2e,00,31,00,00,00,30,00,08,00,01,00,\
49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,\
00,53,00,45,00,56,00,49,00,4e,00,53,00,54,00,00,00,7e,00,2d,00,01,00,4c,00,\
65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,\
00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,28,00,\
43,00,29,00,20,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43,\
00,6f,00,72,00,01,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sgssfw32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sh.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shellspyinstall.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shield.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shn.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\showbehind.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\signcheck.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smart.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartprotector.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smc.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smrtdefp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sms.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smss32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\snetcfg.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\soap.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sofi.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SoftSafeness.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sperm.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spf.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sphinx.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoler.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolcv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spywarexpguard.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spyxx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srexe.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ss3edit.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssgrate.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssg_4104.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\st2.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\start.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\stcloader.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\supftrl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\support.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\supporter5.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svchostc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svchosts.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svshost.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sweep95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sweepnet.sweepsrv.sys.swnetsup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symproxysvc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symtray.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysupd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tapinstall.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taumon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tbscan.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tca.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcm.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds-3.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2-98.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2-nt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\teekids.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tfak.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tfak5.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tgbob.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\titanin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\titaninxp.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TPSrv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trickler.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trjscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trjsetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojantrap3.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrustWarrior.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tsadbot.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tsc.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tvmd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tvtmd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\undoboot.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updat.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upgrad.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upgrepl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\utpost.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbust.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbwin9x.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbwinntw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vcsetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet95.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vettray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vfsetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vir-help.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusmdpersonalfirewall.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthLic.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthUpd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vnlan300.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vnpc3000.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vpc32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vpc42.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vpfw30s.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vptray.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vscan40.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vscenu6.02d30.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsched.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsecomr.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vshwin32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsisetup.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmain.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsstat.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vswin9xe.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vswinntse.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vswinperse.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\w32dsm89.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\W3asbas.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\w9x.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\watchdog.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webdav.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WebProxy.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscanx.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webtrap.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wfindv32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whoswatchingme.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wimmun32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\win-bugsfix.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\win32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\win32us.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winactive.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winav.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windll32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\window.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windows Police Pro.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windows.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wininetd.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wininitx.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winlogin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winmain.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winppr32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winrecon.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winservn.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winss.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winssk32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winssnotify.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinSSUI.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winstart.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winstart001.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wintsk32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winupdate.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wkufind.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wnad.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wnt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wradmin.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrctrl.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsbgate.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscfxas.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscfxav.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscfxfw.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wupdater.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wupdt.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wyvernworksfirewall.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xpdeluxe.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xpf202en.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xp_antispyware.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,7c,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,09,00,26,00,00,\
00,01,00,09,00,26,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,dc,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,b8,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,66,00,27,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,42,00,75,00,73,00,\
69,00,6e,00,65,00,73,00,73,00,20,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,\
00,67,00,65,00,6e,00,63,00,65,00,20,00,6f,00,6e,00,20,00,45,00,76,00,65,00,\
72,00,79,00,20,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00,00,00,48,\
00,14,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,\
65,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,49,00,6e,00,63,\
00,6f,00,72,00,70,00,6f,00,72,00,61,00,74,00,65,00,64,00,00,00,60,00,1c,00,\
01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,\
00,69,00,6f,00,6e,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,\
47,00,65,00,6e,00,65,00,72,00,69,00,63,00,20,00,49,00,6e,00,73,00,74,00,61,\
00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,38,00,0c,00,01,00,46,00,\
69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,\
00,2c,00,20,00,30,00,2c,00,20,00,33,00,38,00,2c,00,20,00,39,00,00,00,30,00,\
08,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,\
00,65,00,00,00,01,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
"GlobalFlag"="0x000010F0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapsetup3001.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zatutor.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zonalm2601.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zonealarm.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avp32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avpcc.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avpm.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,a4,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,01,00,00,00,00,\
00,01,00,01,00,00,00,3f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,04,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,e0,01,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,20,00,00,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,58,00,18,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,\
00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,49,00,4e,00,53,00,54,00,\
41,00,4c,00,4c,00,20,00,4d,00,46,00,43,00,20,00,41,00,70,00,70,00,6c,00,69,\
00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,30,00,08,00,01,00,46,00,69,00,\
6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,00,2e,\
00,30,00,2e,00,30,00,30,00,31,00,00,00,30,00,08,00,01,00,49,00,6e,00,74,00,\
65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,49,00,4e,00,53,\
00,54,00,41,00,4c,00,4c,00,00,00,24,00,00,00,01,00,4c,00,65,00,67,00,61,00,\
6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,28,00,00,\
00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,\
61,00,72,00,6b,00,73,00,00,00,00,00,40,00,0c,00,01,00,4f,00,72,00,69,00,67,\
00,69,00,6e,00,61,00,6c,00,46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,\
00,00,49,00,4e,00,53,00,54,00,41,00,4c,00,4c,00,2e,00,45,00,58,00,45,00,00,\
00,30,00,08,00,08,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~1.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~2.exe]
2. MBAM report
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6630
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/20/2011 4:56:12 PM
mbam-log-2011-05-20 (16-56-12).txt
Scan type: Full scan (C:\|)
Objects scanned: 209224
Time elapsed: 20 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 765
Registry Values Infected: 34
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03} (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
2. MBAM report continued
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe (Security.Hijack) -> Quarantined and deleted successfully.
2. MBAM report continued
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{750FDF0E-2A26-11D1-A3EA-080036587F03} (Spyware.Agent) -> Value: {750FDF0E-2A26-11D1-A3EA-080036587F03} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Value: 5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Value: 6 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Value: 7 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Value: 8 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Value: 9 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Value: 10 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Value: 11 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Value: 12 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Value: 13 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Value: 14 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Value: 15 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Personal Internet Security 2011 (Rogue.PersonalInternetSecurity) -> Value: Personal Internet Security 2011 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\0da83b50-2456-4866-a410-63f93f40654e_36 (Trojan.FakeAlert) -> Value: 0da83b50-2456-4866-a410-63f93f40654e_36 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\debbi\application data\personal internet security 2011 (Rogue.PersonalInternetSecurity) -> Not selected for removal.
Files Infected:
c:\documents and settings\debbi\application data\Sun\Java\deployment\cache\6.0\41\602e1469-7af67039 (Spyware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP693\A0077714.exe (Spyware.Agent) -> Not selected for removal.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP704\A0082124.exe (Rogue.PersonalInternetSecurity) -> Not selected for removal.
c:\WINDOWS\system32\fc10a.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\debbi\application data\microsoft\internet explorer\quick launch\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\debbi\start menu\Programs\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\debbi\start menu\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\0da83b50-2456-4866-a410-63f93f40654e_36.avi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\0da83b50-2456-4866-a410-63f93f40654e_36.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\debbi\Desktop\system defender.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully.
c:\documents and settings\debbi\application data\personal internet security 2011\instructions.ini (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
***END***
Next time if they are so huge should I zip and attach?
Thank you!
JHawke
Jack&Jill
2011-05-22, 05:30
Hello jhawke :),
Next time if they are so huge should I zip and attach? You should :). Do you still have the RegQuery log? Please attach it and the MBAM log as well. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post back the contents. I will delete your earlier posts to make the thread more readable if we could get the attachments.
Please run DDS again and post back the logs.
--------------------
Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.
Please download Rootkit Unhooker and save it to your desktop. Click here. (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):
Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.
You may get a warning about parasite detection. Please click OK to continue.
--------------------
Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here. (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)
Alternatively, you may get the zip version (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract the file to the desktop.
Double click on TDSSKiller.exe to execute it.
Press Start scan to begin.
If anything is found, please change all the actions to Skip only.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.
--------------------
Please post back:
1. the earlier RegQuery and MBAM results as attachments if still available
2. fresh DDS logs
3. Rootkit Unhooker result
4. TDSSKiller log
Hi Jack&Jill!
Hope your day went ok. I did save the RegQuery log, so here they are
1) RegQuery & MBAM - Attached
2) New DDS & attach logs -
3) Rootkit Unhooker Result
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0E3000 C:\WINDOWS\System32\ati3duag.dll 2416640 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB92E0000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1830912 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF331000 C:\WINDOWS\System32\ativvaxx.dll 1089536 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB9E1F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5994000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5C48000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB9193000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5A9F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2E97000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 294912 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF09D000 C:\WINDOWS\System32\atikvmag.dll 286720 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB2943000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB5CCC000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 249856 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xB9156000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 249856 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xB91F1000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB2F3F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB5A04000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB925D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB5A51000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB5A79000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB5CA8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB92A8000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9285000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB5A2F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DD8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB327A000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB5648000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EAC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9232000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB3292000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB3264000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9EC3000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB2B62000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9249000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB92CC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB5AF8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9221000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xB8B3C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA1A8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA298000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB2BFF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA198000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB5924000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA108000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA308000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA268000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB272B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA490000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3E8000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA478000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA3E0000 C:\DOCUME~1\debbi\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA470000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA420000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA440000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA480000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA488000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA430000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA438000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA410000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA370000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB3330000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DA3000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA5A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB32E0000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB8A84000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB949F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB9D9F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA54C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5E4000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5BE000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA61C000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA600000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5E2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5C2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5DC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA671000 atiide.sys 4096 bytes (ATI Technologies Inc., ATI SATA(IDE Mode) Controller Driver)
0xBA6FB000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6BA000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA761000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6AF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [NdisIP.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [SLIP.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [Hdaudio.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [e100b325.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [PTDMWWAN.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [PTDMWFLT.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [StreamIP.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [PTDMMdm.sys]
WARNING: Virus alike driver modification [PTDMVsp.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [CCDECODE.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [OVCodek2.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [NABTSFEC.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [DRVMCDB.SYS]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[412]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[412]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[412]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[412]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[412]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[412]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[412]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[412]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
oops, here is the dds log , and i zipped the TDSSKiller log which is attached
Thank you!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 0:33:52.67 on Sun 05/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1129 [GMT -7:00]
.
AV: Personal Internet Security 2011 *Enabled/Updated* {C5710F20-D491-416C-81BD-384D5383CEFD}
FW: Personal Internet Security 2011 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No File
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: &Search - http://tbedits.retrogamer.com/one-toolbaredits/menusearch.jhtml?s=100000494&p=RGxdm170YYus&si=1264000007FV5&a=ABA76228-9EFE-4526-87B6-83BC053993C3&n=2011041723
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://tuserver:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/setup.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://tuserver:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-05-20 21:43:43 -------- d-----w- c:\docume~1\debbi\applic~1\Malwarebytes
2011-05-20 21:43:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-20 21:43:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 21:43:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
2011-04-28 01:02:54 -------- d-----w- c:\docume~1\debbi\applic~1\simppulltoolbar
2011-04-24 08:06:36 -------- d-----w- c:\docume~1\debbi\applic~1\bsbandmltbpi
2011-04-24 08:00:07 -------- d-----w- c:\docume~1\debbi\applic~1\mediabarbs
2011-04-24 08:00:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\52DE
2011-04-24 07:59:50 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\BearShare
2011-04-24 07:59:01 -------- d-----w- c:\program files\BearShare Applications
2011-04-24 07:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fighters
2011-04-24 05:27:46 -------- d-----w- c:\docume~1\debbi\applic~1\com.w3i.plyt
2011-04-24 04:34:12 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\PackageAware
2011-04-24 04:33:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-24 04:26:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
2011-04-24 04:25:59 -------- d-----w- c:\program files\simppulltoolbar
2011-04-24 04:04:12 -------- d-----w- c:\docume~1\debbi\applic~1\ooVoo Details
2011-04-24 04:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\WeCareReminder
2011-04-24 03:59:14 -------- d-----w- c:\program files\Yahoo!
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\debbi\applic~1\iComment
2011-04-22 19:47:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\iComment
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Sammsoft
2011-04-22 19:47:05 -------- d-----w- c:\docume~1\debbi\applic~1\Rubar-Toolbar
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 0:34:25.28 ===============
Jack&Jill
2011-05-23, 17:53
Hello jhawke :),
Hope your day went ok. Thanks. Hope yours are always getting better as well.
Please use RegQuery again to check this key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
I need to look at it before we clean up the rest of the malware.
Hey there!
Here is the requested RegQuery log
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
Jack&Jill
2011-05-24, 08:02
Hello jhawke :),
Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.
Link 1 (http://aumha.org/downloads/erunt-setup.exe)
Link 2 (http://download.cnet.com/ERUNT/3000-2242_4-49213.html)
Link 3 (http://majorgeeks.com/Erunt_d1267.html)
Backup your registry with ERUNT
Double click on erunt-setup.exe and run the installation setup.
Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
Continue until you get prompted to run ERUNT at startup. Choose No.
Next, make sure Launch ERUNT is checked (ticked) and click Finish.
Click OK when ERUNT is launched, and accept all default setting. ERUNT will then backup the registry.
--------------------
Please download OTM© by Old Timer from one of the links below and save it to your desktop.
Link 1 (http://oldtimer.geekstogo.com/OTM.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTM.exe)
Double click OTM.exe to run it.
Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
:files
c:\documents and settings\debbi\application data\personal internet security 2011
c:\documents and settings\all users\application data\6ece77
:reg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
"Debugger"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}]
[-HKEY_CLASSES_ROOT\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
[-HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}]
[-HKEY_CLASSES_ROOT\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}]
:commands
[CREATERESTOREPOINT]
[resethosts]
[emptytemp]
Click the red MoveIt! button.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.
--------------------
Please post back:
1. the OTM result
2. how is your computer now?
Jack&Jill
2011-05-26, 09:17
Hello jhawke :),
I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?
If I do not get any response within the next 24 hours, this topic will be closed.
hi, yes i still need help, i'm still working on your last fix.
Thank you for your patience: Srry, i've been really busy with some other stuff and couldn't get back to this. "how is your computer now?" ....Well, it doesn't seem to be re-directing from search engines. the ctl/alt/delete works. but I still can't get windows updates to work here is the message when I try to run the microsoft windows update but I can't find the error number anywhere or a solution from microsoft website, do you have any ideas?:
[Error number: 0x80070424]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
here is the OTM result. It did make me reboot before it let me copy the log.
All processes killed
========== FILES ==========
c:\documents and settings\debbi\application data\Personal Internet Security 2011 folder moved successfully.
c:\documents and settings\all users\application data\6ece77\Quarantine Items folder moved successfully.
c:\documents and settings\all users\application data\6ece77\PISSys folder moved successfully.
c:\documents and settings\all users\application data\6ece77 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\DisallowRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\\Debugger deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BA686E-738F-42FE-BADD-D8CB7CFBC07E}\ not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: All Users
User: debbi
->Temp folder emptied: 55931 bytes
->Temporary Internet Files folder emptied: 46240005 bytes
->Java cache emptied: 52322336 bytes
->Flash cache emptied: 24265 bytes
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: J
->Temp folder emptied: 17369 bytes
->Temporary Internet Files folder emptied: 7977757 bytes
->Flash cache emptied: 564 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 589020 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 392177 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1613 bytes
Total Files Cleaned = 103.00 mb
OTM by OldTimer - Version 3.1.18.0 log created on 05262011_094616
Files moved on Reboot...
Registry entries deleted on Reboot...
Jack&Jill
2011-05-27, 10:29
Hello jhawke :),
Thank you for your patience: Srry, i've been really busy with some other stuff and couldn't get back to this. Not a problem. Just thought to remind you in case notification fails.
Please use your computer for a few days and get back to me if there are any more problems. I will be giving some security recommendations after that. In the meanwhile, please proceed the steps below.
--------------------
I do not see any Antivirus (AV) installed on your machine after we have cleared the corporate version and malware. AV is a very critical part of your system to keep the it safe and clean. Without it, a computer can easily get infected. Please download and install an AV from one of the links below:
Avast (http://www.avast.com/eng/download-avast-home.html)
Avira (http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)
You should only select one of these three, and keep only one installed.
--------------------
To fix Windows Update, please visit the following Microsoft support page and click on the Fix It button.
How do I reset Windows Update components? (http://support.microsoft.com/kb/971058)
--------------------
Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.
Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Go to the Java SE download page. Click here. (http://www.oracle.com/technetwork/java/javase/downloads/index.html)
Look for Java SE 6 Update 25. Click the Download JRE button to the right.
Click on Accept License Agreement after reading Oracle Binary Code License Agreement for the Java SE Platform Products.
From a list of files for download, click on the link which says jre-6u25-windows-i586.exe besides Windows x86 Offline and save the file to your desktop.
Close any programs you may have running, especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.
--------------------
Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.
Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
Adobe Reader 9.4.4
Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on Different language or operating system? link.
Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
Change the language if you want by clicking on English below the Select a language title.
Press Continue.
Uncheck (untick) Free McAfee Security Scan (optional).
Click the Download now button after selecting the latest version.
Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
--------------------
Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.
Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.
--------------------
Please post back:
1. any more problems?
2. is the Windows Update problem resolved?
3. the ESET online scan result
Jack&Jill
2011-05-30, 17:12
Hello jhawke :),
How is the computer now? Hope you get the chance to use it and please complete all the steps that I have outlined earlier. If you need to be away for a while, please let me know your timing. Basically we are not done yet, so I will keep this topic open for another 3 days. If I do not any response by then, it will be closed.
Hi Jack&Jill!
Thank you!
The computer seems to be better, although I haven't played on it too much, but I definately don't get sent to other places when searching. But can now use automatic microsoft updates. When I downloaded the adobe reader, it wanted me to download a google toolbar. I have been not downloading tool bars, are they safe? Do I need to download one?
When I downloaded Java, i did receive this error message upon reboot.
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00000000, pid=544, tid=2668
#
# JRE version: 6.0_25-b06
# Java VM: Java HotSpot(TM) Client VM (20.0-b11 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0x00000000
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x00dbf000): JavaThread "AWT-Windows" daemon [_thread_in_native, id=2668, stack(0x009b0000,0x00ab0000)]
siginfo: ExceptionCode=0xc0000005, reading address 0x00000000
Registers:
EAX=0x00d92018, EBX=0x00000001, ECX=0x00cd66d8, EDX=0x00000004
ESP=0x00aafae0, EBP=0x00aafb0c, ESI=0x00dbf128, EDI=0x00cd66d8
EIP=0x00000000, EFLAGS=0x00010293
Top of Stack: (sp=0x00aafae0)
0x00aafae0: 6d09c720 00aafb74 6d09c1e0 00000000
0x00aafaf0: 00000000 00000001 00dbf128 00aafae4
0x00aafb00: 00aafb90 6d0c0038 00000001 00aafb38
0x00aafb10: 7e418734 00030206 0000981a 00cd66d8
0x00aafb20: 00000000 6d09c1e0 dcbaabcd 00000000
0x00aafb30: 00aafb74 6d09c1e0 00aafba0 7e418816
0x00aafb40: 6d09c1e0 00030206 0000981a 00cd66d8
0x00aafb50: 00000000 00aafc34 00aafc2c 005d7b38
Instructions: (pc=0x00000000)
0xffffffe0:
Register to memory mapping:
EAX=0x00d92018 is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x00cd66d8 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x00aafae0 is pointing into the stack for thread: 0x00dbf000
EBP=0x00aafb0c is pointing into the stack for thread: 0x00dbf000
ESI=0x00dbf128 is an unknown value
EDI=0x00cd66d8 is an unknown value
Stack: [0x009b0000,0x00ab0000], sp=0x00aafae0, free space=1022k
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WToolkit.eventLoop()V+0
j sun.awt.windows.WToolkit.run()V+52
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x03ed0400 JavaThread "InvalQueue-com.pogo.ui2.awt.ac[GameHostApplet-BorderedDialog-stdc.game.over.dlog,0,0,425x376,invalid]-GameHostApplet-BorderedDialog-stdc.game.over.dlog" daemon [_thread_blocked, id=1424, stack(0x05370000,0x053c0000)]
0x00d8ec00 JavaThread "Direct Clip" daemon [_thread_blocked, id=1920, stack(0x043c0000,0x04410000)]
0x04121400 JavaThread "Direct Clip" daemon [_thread_blocked, id=3144, stack(0x05e40000,0x05e90000)]
0x0564b400 JavaThread "TickTimer" daemon [_thread_blocked, id=1036, stack(0x04f60000,0x04fb0000)]
0x032c3400 JavaThread "AsynchRasterManager" daemon [_thread_blocked, id=972, stack(0x055a0000,0x055f0000)]
0x03fe7c00 JavaThread "ITimer" daemon [_thread_blocked, id=988, stack(0x05550000,0x055a0000)]
0x0413c400 JavaThread "ScrollBar" daemon [_thread_blocked, id=3008, stack(0x05280000,0x052d0000)]
0x03dc0800 JavaThread "TextField" daemon [_thread_blocked, id=2912, stack(0x05230000,0x05280000)]
0x04018000 JavaThread "ScrollBar" daemon [_thread_blocked, id=2132, stack(0x051e0000,0x05230000)]
0x0341f800 JavaThread "ScrollBar" daemon [_thread_blocked, id=2032, stack(0x05190000,0x051e0000)]
0x03458c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=512, stack(0x05140000,0x05190000)]
0x040a1400 JavaThread "ScrollBar" daemon [_thread_blocked, id=420, stack(0x050f0000,0x05140000)]
0x040a1c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=1144, stack(0x050a0000,0x050f0000)]
0x03278400 JavaThread "TickTimer" daemon [_thread_blocked, id=3432, stack(0x05050000,0x050a0000)]
0x0327d000 JavaThread "ScrollBar" daemon [_thread_blocked, id=2684, stack(0x05000000,0x05050000)]
0x03f53400 JavaThread "BadgeStorage" daemon [_thread_blocked, id=3452, stack(0x04fb0000,0x05000000)]
0x00d5a000 JavaThread "SocketConnection" daemon [_thread_in_native, id=3384, stack(0x04f10000,0x04f60000)]
0x0328a000 JavaThread "Image Animator 3" daemon [_thread_blocked, id=3388, stack(0x044b0000,0x04500000)]
0x0335ac00 JavaThread "Applet-EventThread" daemon [_thread_blocked, id=3652, stack(0x04460000,0x044b0000)]
0x00d92800 JavaThread "Direct Clip" daemon [_thread_blocked, id=1680, stack(0x04a60000,0x04ab0000)]
0x03f2d400 JavaThread "AsynchRasterManager.avatar" daemon [_thread_blocked, id=3764, stack(0x048c0000,0x04910000)]
0x033c3800 JavaThread "Thread-37" daemon [_thread_blocked, id=1428, stack(0x04820000,0x04870000)]
0x03e51800 JavaThread "Thread-36" daemon [_thread_blocked, id=3792, stack(0x047d0000,0x04820000)]
0x03388800 JavaThread "Thread-35" daemon [_thread_blocked, id=3796, stack(0x04780000,0x047d0000)]
0x03d49400 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3656, stack(0x04730000,0x04780000)]
0x00cda800 JavaThread "D3D Screen Updater" daemon [_thread_blocked, id=3644, stack(0x04320000,0x04370000)]
0x00cda000 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-7" [_thread_blocked, id=2696, stack(0x04230000,0x04280000)]
0x03d97400 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-6" [_thread_blocked, id=2688, stack(0x04190000,0x041e0000)]
0x03356000 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-5" [_thread_blocked, id=1940, stack(0x03cf0000,0x03d40000)]
0x032bd800 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-4" [_thread_blocked, id=3648, stack(0x03b40000,0x03b90000)]
0x00cd5c00 JavaThread "thread applet-com.pogo.game.client2.tumbee2.Tumbee2Applet-3" [_thread_in_native, id=3616, stack(0x03650000,0x036a0000)]
0x00db8000 JavaThread "AWT-EventQueue-4" [_thread_in_native, id=3620, stack(0x042d0000,0x04320000)]
0x03d40800 JavaThread "AWT-Shutdown" [_thread_blocked, id=3624, stack(0x04280000,0x042d0000)]
0x032bd400 JavaThread "Applet 6 LiveConnect Worker Thread" [_thread_blocked, id=3640, stack(0x04140000,0x04190000)]
0x0346f000 JavaThread "Applet 5 LiveConnect Worker Thread" [_thread_blocked, id=3584, stack(0x03c90000,0x03ce0000)]
0x00dbd800 JavaThread "Applet 4 LiveConnect Worker Thread" [_thread_blocked, id=3612, stack(0x03830000,0x03880000)]
0x032cc800 JavaThread "Applet 3 LiveConnect Worker Thread" [_thread_blocked, id=3608, stack(0x035b0000,0x03600000)]
0x032d5400 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=2692, stack(0x03af0000,0x03b40000)]
0x032cb400 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=1164, stack(0x037e0000,0x03830000)]
0x032c8c00 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=2480, stack(0x03790000,0x037e0000)]
0x032a4400 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=1168, stack(0x03740000,0x03790000)]
0x0329c000 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=2328, stack(0x034c0000,0x03510000)]
0x03298800 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=796, stack(0x036a0000,0x036f0000)]
=>0x00dbf000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2668, stack(0x009b0000,0x00ab0000)]
0x00d4e800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2564, stack(0x03560000,0x035b0000)]
0x00d7e400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=2560, stack(0x03510000,0x03560000)]
0x00db8800 JavaThread "Timer-0" [_thread_blocked, id=2352, stack(0x03470000,0x034c0000)]
0x00d47800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2592, stack(0x031e0000,0x03230000)]
0x00d33000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2796, stack(0x00fa0000,0x00ff0000)]
0x00d2ec00 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=2808, stack(0x00f50000,0x00fa0000)]
0x00d2b800 JavaThread "Attach Listener" daemon [_thread_blocked, id=2800, stack(0x00f00000,0x00f50000)]
0x00d2a400 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2804, stack(0x00eb0000,0x00f00000)]
0x00d23800 JavaThread "Finalizer" daemon [_thread_blocked, id=2768, stack(0x00e60000,0x00eb0000)]
0x00d22000 JavaThread "Reference Handler" daemon [_thread_blocked, id=2772, stack(0x00e10000,0x00e60000)]
0x008d8000 JavaThread "main" [_thread_blocked, id=2792, stack(0x00960000,0x009b0000)]
Other Threads:
0x00cdc000 VMThread [stack: 0x00dc0000,0x00e10000] [id=2780]
0x00d3e000 WatcherThread [stack: 0x00ff0000,0x01040000] [id=2840]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
def new generation total 39296K, used 23357K [0x2a9e0000, 0x2d480000, 0x2d480000)
eden space 34944K, 64% used [0x2a9e0000, 0x2bfbdb98, 0x2cc00000)
from space 4352K, 22% used [0x2cc00000, 0x2ccf1b78, 0x2d040000)
to space 4352K, 0% used [0x2d040000, 0x2d040000, 0x2d480000)
tenured generation total 87424K, used 60655K [0x2d480000, 0x329e0000, 0x329e0000)
the space 87424K, 69% used [0x2d480000, 0x30fbbd68, 0x30fbbe00, 0x329e0000)
compacting perm gen total 12288K, used 5668K [0x329e0000, 0x335e0000, 0x369e0000)
the space 12288K, 46% used [0x329e0000, 0x32f69028, 0x32f69200, 0x335e0000)
ro space 10240K, 51% used [0x369e0000, 0x36f0dc00, 0x36f0dc00, 0x373e0000)
rw space 12288K, 55% used [0x373e0000, 0x37a7c300, 0x37a7c400, 0x37fe0000)
Code Cache [0x010d0000, 0x01460000, 0x030d0000)
total_blobs=2023 nmethods=1762 adapters=195 free_code_cache=29820736 largest_free_block=256
Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files\Java\jre6\bin\java.exe
0x7c900000 - 0x7c9b2000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f6000 C:\WINDOWS\system32\kernel32.dll
0x64d00000 - 0x64d34000 C:\Program Files\AVAST Software\Avast\snxhk.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f03000 C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x5cb70000 - 0x5cb96000 C:\WINDOWS\system32\ShimEng.dll
0x71590000 - 0x71609000 C:\WINDOWS\AppPatch\AcLayers.DLL
0x7e410000 - 0x7e4a1000 C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f59000 C:\WINDOWS\system32\GDI32.dll
0x7c9c0000 - 0x7d1d7000 C:\WINDOWS\system32\SHELL32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x774e0000 - 0x7761e000 C:\WINDOWS\system32\ole32.dll
0x769c0000 - 0x76a74000 C:\WINDOWS\system32\USERENV.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x773d0000 - 0x774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
0x7c340000 - 0x7c396000 C:\Program Files\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000 C:\Program Files\Java\jre6\bin\client\jvm.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x6d7a0000 - 0x6d7ac000 C:\Program Files\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000 C:\Program Files\Java\jre6\bin\java.dll
0x6d000000 - 0x6d14b000 C:\Program Files\Java\jre6\bin\awt.dll
0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.dll
0x5ad70000 - 0x5ada8000 C:\WINDOWS\SYSTEM32\uxtheme.dll
0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\PSAPI.DLL
0x4fdd0000 - 0x4ff76000 C:\WINDOWS\system32\d3d9.dll
0x00b20000 - 0x00b26000 C:\WINDOWS\system32\d3d8thk.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x6d7e0000 - 0x6d7ef000 C:\Program Files\Java\jre6\bin\zip.dll
0x6d420000 - 0x6d426000 C:\Program Files\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000 C:\Program Files\Java\jre6\bin\deploy.dll
0x77a80000 - 0x77b15000 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x77120000 - 0x771ab000 C:\WINDOWS\system32\OLEAUT32.dll
0x3d930000 - 0x3da16000 C:\WINDOWS\system32\WININET.dll
0x01040000 - 0x01049000 C:\WINDOWS\system32\Normaliz.dll
0x78130000 - 0x78263000 C:\WINDOWS\system32\urlmon.dll
0x3dfd0000 - 0x3e1b9000 C:\WINDOWS\system32\iertutil.dll
0x6d6a0000 - 0x6d6e6000 C:\Program Files\Java\jre6\bin\regutils.dll
0x6d600000 - 0x6d613000 C:\Program Files\Java\jre6\bin\net.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x6d620000 - 0x6d629000 C:\Program Files\Java\jre6\bin\nio.dll
0x6d230000 - 0x6d27f000 C:\Program Files\Java\jre6\bin\fontmanager.dll
0x71a50000 - 0x71a8f000 C:\WINDOWS\System32\mswsock.dll
0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll
0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll
0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
0x5b860000 - 0x5b8b5000 C:\WINDOWS\system32\netapi32.dll
0x6d790000 - 0x6d79f000 C:\Program Files\Java\jre6\bin\unpack.dll
0x6d510000 - 0x6d534000 C:\Program Files\Java\jre6\bin\jsound.dll
0x6d540000 - 0x6d548000 C:\Program Files\Java\jre6\bin\jsoundds.dll
0x73f10000 - 0x73f6c000 C:\WINDOWS\system32\DSOUND.dll
0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv
0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv
0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll
0x73ee0000 - 0x73ee4000 C:\WINDOWS\system32\KsUser.dll
0x6d1a0000 - 0x6d1c3000 C:\Program Files\Java\jre6\bin\dcpr.dll
0x6d440000 - 0x6d465000 C:\Program Files\Java\jre6\bin\jpeg.dll
VM Arguments:
jvm_args: -D__jvm_launched=461766507 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Dsun.awt.warmup=true -Xmx128m
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid408_pipe3,read_pipe_name=jpi2_pid408_pipe2
Launcher Type: SUN_STANDARD
Environment Variables:
PATH=C:\PROGRAM FILES\COMMON FILES\PERVASIVE SOFTWARE SHARED\PVSWCORE;C:\PVSW\\BIN;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\;
USERNAME=debbi
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
--------------- S Y S T E M ---------------
OS: Windows XP Build 2600 Service Pack 3
CPU:total 2 (1 cores per cpu, 2 threads per core) family 15 model 6 stepping 5, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ht
Memory: 4k page, physical 1537948k(817492k free), swap 2122272k(1523472k free)
vm_info: Java HotSpot(TM) Client VM (20.0-b11) for windows-x86 JRE (1.6.0_25-b06), built on Apr 14 2011 01:04:32 by "java_re" with MS VC++ 7.1 (VS2003)
time: Mon May 30 16:06:50 2011
elapsed time: 425 seconds
Here is the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=5edb3353b452e248bcc21caea756e552
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-31 12:22:00
# local_time=2011-05-30 05:22:00 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=49157
# found=88
# cleaned=0
# scan_time=1950
C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{C3F5F5A2-6DC3-43D1-9811-B9713A0C67E6}\SLOW-PCfighter.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172823.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172828.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172829.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172830.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172831.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172832.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172833.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172834.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172835.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172836.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172837.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183727.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183730.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183731.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183732.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183733.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183734.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183735.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183737.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183738.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183755.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183756.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183757.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183758.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183759.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183800.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183801.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193203.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193208.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193209.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193210.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193211.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193212.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193220.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193221.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193222.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193245.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193246.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193247.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193248.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193249.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193250.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193251.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193313.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193316.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193317.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193318.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193319.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193320.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193321.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193335.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211411.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211438.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211440.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211441.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211443.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211444.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211447.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211448.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211450.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211451.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211509.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211511.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211515.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211517.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180806.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180809.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180810.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180811.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180812.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180813.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180826.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180829.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180830.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180831.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180832.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180833.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213435.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213439.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213440.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213441.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213442.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213443.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213444.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213445.backup Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05262011_094616\c_documents and settings\all users\application data\6ece77\886.mof Win32/RogueAV.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\05262011_094616\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I
Jack&Jill
2011-05-31, 16:46
Hello jhawke :),
When I downloaded the adobe reader, it wanted me to download a google toolbar. I would skip the toolbar and install the latest Adobe Reader.
There are signs of a few toolbars with debatable status on your computer that I would remove or uninstall:
MediaBar
Simppull Toolbar
Rubar-Toolbar
--------------------
Websites in the Trusted Zone allow for lower security settings for the browser. We may add websites that we know are safe into it, but there are risks of these websites getting hacked or exploited.
As those sites would still work without being in the Trusted Zone, better that we prevent against this risk.
Clear Trusted Zones for Internet Explorer
Open Internet Explorer.
Go to the pull down menu and click on Tools > Internet Options.
An options window will appear. Select the Security tab.
Click on Trusted Sites, represented by the tick icon.
Click the Sites button and remove all the websites listed.
Close the window and click OK to exit the options window.
--------------------
Please backup the registry with ERUNT again.
Rerun OTM
Double click OTM.exe to run it.
Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
:files
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172823.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172828.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172829.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172830.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172831.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172832.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172833.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172834.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172835.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172836.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172837.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183727.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183730.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183731.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183732.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183733.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183734.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183735.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183737.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183738.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183755.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183756.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183757.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183758.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183759.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183800.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183801.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193203.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193208.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193209.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193210.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193211.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193212.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193220.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193221.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193222.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193245.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193246.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193247.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193248.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193249.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193250.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193251.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193313.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193316.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193317.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193318.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193319.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193320.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193321.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193335.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211411.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211438.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211440.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211441.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211443.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211444.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211447.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211448.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211450.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211451.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211509.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211511.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211515.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211517.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180806.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180809.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180810.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180811.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180812.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180813.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180826.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180829.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180830.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180831.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180832.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180833.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213435.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213439.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213440.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213441.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213442.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213443.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213444.backup
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213445.backup
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00134F72-5284-44F7-95A8-52A619F70751}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BB0-D2B5-11D1-88FC-0080C859833B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BC1-D2B5-11D1-88FC-0080C859833B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5EFE8CB1-D095-11D1-88FC-0080C859833B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
:commands
[CREATERESTOREPOINT]
[emptytemp]
Click the red MoveIt! button.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.
--------------------
For the Java issue, it is the first time I come across such an occurence. From the looks of it, there seems to be some conflict or something similar that caused this error.
Please rerun DDS and post back the logs to see if I can get some hints there. It may be beyond my scope and expertise, but I will take a look first. Then, I could point you to some techs who may be able to help.
--------------------
Please post back:
1. OTM log
2. fresh DDS logs
Hi there!
you said: There are signs of a few toolbars with debatable status on your computer that I would remove or uninstall:
MediaBar
Simppull Toolbar
Rubar-ToolbarI finally was able to delete the folder simppull when I was in safe-mode. The other two toolbars I couldn't find to remove. They do not show up on add/remove programs. Any Ideas?:red:
Cleared the trusted sites
Here is the OTM Log
All processes killed
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172823.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172828.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172829.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172830.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172831.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172832.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172833.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172834.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172835.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172836.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110204-172837.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183727.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183730.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183731.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183732.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183733.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183734.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183735.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183737.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183738.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183755.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183756.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183757.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183758.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183759.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183800.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-183801.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193203.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193208.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193209.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193210.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193211.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193212.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193220.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193221.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193222.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193245.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193246.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193247.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193248.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193249.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193250.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193251.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193313.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193316.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193317.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193318.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193319.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193320.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193321.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-193335.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211411.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211438.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211440.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211441.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211443.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211444.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211447.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211448.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211450.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211451.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211509.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211511.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211515.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110427-211517.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180806.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180809.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180810.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180811.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180812.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180813.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180826.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180829.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180830.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180831.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180832.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110428-180833.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213435.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213439.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213440.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213441.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213442.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213443.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213444.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110515-213445.backup moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00134F72-5284-44F7-95A8-52A619F70751}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00134F72-5284-44F7-95A8-52A619F70751}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BB0-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08D75BB0-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08D75BC1-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08D75BC1-D2B5-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5EFE8CB1-D095-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EFE8CB1-D095-11D1-88FC-0080C859833B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: debbi
->Temp folder emptied: 1314423 bytes
->Temporary Internet Files folder emptied: 64167948 bytes
->Java cache emptied: 11768145 bytes
->Flash cache emptied: 1140 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: J
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 74.00 mb
OTM by OldTimer - Version 3.1.18.0 log created on 05312011_183510
Files moved on Reboot...
Registry entries deleted on Reboot...
DDS LOG
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 18:39:36.10 on Tue 05/31/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1014 [GMT -7:00]
.
AV: Personal Internet Security 2011 *Enabled/Updated* {C5710F20-D491-416C-81BD-384D5383CEFD}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Personal Internet Security 2011 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070406
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {54BA686E-738F-42FE-BADD-D8CB7CFBC07E} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-31 61960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-30 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-06-01 01:05:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-01 01:05:58 -------- d-----w- c:\program files\Avira
2011-06-01 01:05:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-05-31 19:24:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-31 19:24:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-05-30 23:31:06 -------- d-----w- c:\program files\ESET
2011-05-30 22:51:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-30 22:51:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 22:27:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-26 16:46:16 -------- d-----w- C:\_OTM
2011-05-20 21:43:43 -------- d-----w- c:\docume~1\debbi\applic~1\Malwarebytes
2011-05-20 21:43:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-20 21:43:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 21:43:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:40:23.60 ===============
Jack&Jill
2011-06-01, 11:19
Hello jhawke :),
From your logs, it appears Java installed correctly. Are you still experiencing issues with it?
Please uninstall these programs with debatable status as well:
SearchAssist
URL Assistant
If they are stubborn, please use Revo Uninstalller (http://www.revouninstaller.com/revo_uninstaller_free_download.html).
The earlier programs that you said you have already uninstalled could also be removed with Revo Uninstaller:
Sage BusinessWorks
Sage Components
--------------------
Please download ComboFix from one of the links below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)
Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.
Run ComboFix
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Open Notepad. Copy and paste the following text into it:
SecCenter::
FW: Personal Internet Security 2011 *Enabled*
Folder::
c:\program files\simppulltoolbar
c:\program files\BearShare Applications
Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).
Go to Start > Run.... Copy and paste the following text into the white box:
"%userprofile%\desktop\ComboFix.exe" "%userprofile%\desktop\CFScript.txt"
Click OK. ComboFix will now run a scan on your system.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Enable back your security softwares as soon as you completed the ComboFix steps.
A detailed step by step tutorial to run ComboFix can be found here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you need help.
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.
--------------------
Please post back:
1. Java status
2. ComboFix log
Hi Jack&Jill
Java: After uninstalling Pervasive(which was part of SageBusiness Works) with Revo Uninstaller, I am not getting the error message log from java.
SearchAssist & URL Assistant uninstalled thru control panel/add-remove programs
I couldn't find Sage BusinessWorks or Sage Components as installed program(s) on Revo Uninstaller, but I did do the clean of the deleted files, so I am hoping that those are now gone. If not. What Am I doing wrong? How do I find them to remove them? I am attaching the DDS log just in case.
Thank you!
Here is the Combofix log:
ComboFix 11-06-03.02 - debbi 06/03/2011 10:00:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.1086 [GMT -7:00]
Running from: c:\documents and settings\debbi\desktop\ComboFix.exe
Command switches used :: c:\documents and settings\debbi\desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\xowfxqmeRqGxcf98viP9pvTDXVkU_.mkv
c:\program files\INSTALL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 05:22 . 2011-06-03 05:22 -------- d-----w- c:\documents and settings\debbi\Local Settings\Application Data\VS Revo Group
2011-06-03 05:22 . 2009-12-30 18:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-06-03 04:57 . 2011-06-03 05:22 -------- d-----w- c:\program files\VS Revo Group
2011-06-01 03:52 . 2011-06-01 03:52 -------- d-----w- c:\documents and settings\debbi\Application Data\Avira
2011-06-01 02:11 . 2011-06-01 02:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-01 02:08 . 2011-06-01 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2011-06-01 02:08 . 2011-06-01 02:08 -------- d-----w- c:\program files\bfgclient
2011-06-01 02:08 . 2011-06-01 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2011-06-01 01:19 . 2011-06-01 01:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-01 01:05 . 2011-04-02 00:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-01 01:05 . 2011-04-02 00:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-01 01:05 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-01 01:05 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-01 01:05 . 2011-06-01 01:05 -------- d-----w- c:\program files\Avira
2011-06-01 01:05 . 2011-06-01 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-31 19:24 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-30 23:31 . 2011-05-30 23:31 -------- d-----w- c:\program files\ESET
2011-05-30 22:59 . 2011-05-30 22:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-30 22:51 . 2011-05-30 22:51 -------- d-----w- c:\program files\Common Files\Java
2011-05-30 22:51 . 2011-05-30 22:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-30 22:51 . 2011-05-30 22:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 22:27 . 2011-06-01 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-26 16:46 . 2011-05-26 16:46 -------- d-----w- C:\_OTM
2011-05-26 16:43 . 2011-05-26 16:44 -------- d-----w- c:\program files\ERUNT
2011-05-20 21:43 . 2011-05-20 21:43 -------- d-----w- c:\documents and settings\debbi\Application Data\Malwarebytes
2011-05-20 21:43 . 2011-05-20 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-20 21:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43 . 2011-05-20 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 21:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 01:04 . 2011-05-16 01:04 -------- d-----w- c:\windows\system32\LogFiles
2011-05-05 05:14 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-05-05 03:59 . 2011-05-05 03:59 -------- d-sh--w- c:\documents and settings\J\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 18:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 02:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-01 07:07 843776 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NtmsSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)
"Fax"=2 (0x2)
"YahooAUService"=2 (0x2)
"tmlisten"=2 (0x2)
"Retrogamer_2zService"=2 (0x2)
"OfcPfwSvc"=2 (0x2)
"ntrtscan"=2 (0x2)
"iComment Upgrade Service"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\debbi\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\debbi\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [4/6/2007 8:46 PM 3456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/31/2011 6:06 PM 136360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2011 4:14 PM 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [12/19/2009 3:07 PM 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [12/19/2009 3:07 PM 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [12/19/2009 3:07 PM 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [12/19/2009 3:07 PM 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [12/19/2009 3:07 PM 118800]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/2/2011 10:22 PM 27064]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\iComment 2.1.22\UpgradeService.exe" --> c:\program files\iComment 2.1.22\UpgradeService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 23:14]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 23:14]
.
2011-06-03 c:\windows\Tasks\User_Feed_Synchronization-{2009D32A-3C7D-4CF2-ACF1-8EF740FCBEC3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
MSConfigStartUp-iComment update runner - c:\program files\iComment 2.1.22\UpdateRunner.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-OfficeScanNT Monitor - c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\SYSTEM32\Ati2evxx.dll
.
Completion time: 2011-06-03 10:05:59
ComboFix-quarantined-files.txt 2011-06-03 17:05
.
Pre-Run: 65,461,886,976 bytes free
Post-Run: 65,432,424,448 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 66809CDFCD7A51A6745879EF2BF41E7C
[B]DDS LOG
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by debbi at 17:44:17.09 on Fri 06/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1502.995 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\debbi\Desktop\computer fix\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safer-networking.org/en/home/index.html
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304568629125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\debbi\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-4-6 3456]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-31 61960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-30 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-12-19 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-12-19 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-12-19 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2009-12-19 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2009-12-19 118800]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-2 27064]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S4 iComment Upgrade Service;iComment Upgrade Service;"c:\program files\icomment 2.1.22\upgradeservice.exe" --> c:\program files\icomment 2.1.22\UpgradeService.exe [?]
.
=============== Created Last 30 ================
.
2011-06-03 16:50:11 -------- d-sha-r- C:\cmdcons
2011-06-03 16:45:19 98816 ----a-w- c:\windows\sed.exe
2011-06-03 16:45:19 518144 ----a-w- c:\windows\SWREG.exe
2011-06-03 16:45:19 256512 ----a-w- c:\windows\PEV.exe
2011-06-03 16:45:19 208896 ----a-w- c:\windows\MBR.exe
2011-06-03 05:22:23 -------- d-----w- c:\docume~1\debbi\locals~1\applic~1\VS Revo Group
2011-06-03 05:22:18 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-06-03 04:57:16 -------- d-----w- c:\program files\VS Revo Group
2011-06-01 03:52:19 -------- d-----w- c:\docume~1\debbi\applic~1\Avira
2011-06-01 02:08:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Big Fish Games
2011-06-01 02:08:48 -------- d-----w- c:\program files\bfgclient
2011-06-01 02:08:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2011-06-01 01:05:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-01 01:05:58 -------- d-----w- c:\program files\Avira
2011-06-01 01:05:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-05-31 19:24:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-31 19:24:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-05-30 23:31:06 -------- d-----w- c:\program files\ESET
2011-05-30 22:51:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-30 22:51:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 22:27:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-26 16:46:16 -------- d-----w- C:\_OTM
2011-05-20 21:43:43 -------- d-----w- c:\docume~1\debbi\applic~1\Malwarebytes
2011-05-20 21:43:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 21:43:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-20 21:43:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 21:43:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-16 01:04:44 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 17:44:36.57 ===============
Jack&Jill
2011-06-04, 06:44
Hello jhawke :),
I couldn't find Sage BusinessWorks or Sage Components as installed program(s) on Revo Uninstaller, but I did do the clean of the deleted files, so I am hoping that those are now gone. If not. What Am I doing wrong? How do I find them to remove them? Don't worry too much about it. If they are no longer there, most likely they have already been removed.
--------------------
Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.
Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
Go to Start > Run.... Copy and paste the following text into the white box:
ComboFix /uninstall
Click OK.
Run OTM by double clicking on OTM.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the RegQuery, Rootkit Unhooker and TDSSKiller files on your desktop.
Delete any logs on the desktop.
Some tips to help you stay clean and safe:
1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html) to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.
2. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.
3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.
4. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications. If you install WinPatrol, do not install Spybot in case you are still considering reinstalling it.
5. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.
6. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.
7. Protect your computer from removable or USB drive infections with Panda USB Vaccine (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/), an effective method to prevent malware from spreading.
8. Keep all your softwares updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates required.
9. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)
Stay safe.
Jack&Jill
2011-06-07, 07:31
As your problems appear to have been resolved, this topic is now closed.
We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)