Emsisoft New Malware Blog » Removal Help

Antivirus Smart Protection Rogue Removal Instructions

emsi — Wed, 25 Jan 2012 06:47:18 +0000

The Emsisoft malware research team has discovered a new outbreak of the Antivirus Smart Protection. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AntivirusSmartProtection.

Antivirus Smart Protection is a rogue scanner application, another variant of Malware Protection Center and Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\5c678c\ASPSys\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\582.mof
%AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe
%AllUsersProfile%\Application Data\5c678c\ASP.ico
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\ASLNP\
%AllUsersProfile%\Application Data\ASLNP\ASUUDJRRJXP.cfg
%AppData%\Antivirus Smart Protection\
%AppData%\Antivirus Smart Protection\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Smart Protection.lnk
%UserProfile%\Desktop\Antivirus Smart Protection.lnk
%Temp%\scandsk211d_8046.exe
%UserProfile%\Start Menu\Antivirus Smart Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Smart Protection.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\AS9c5_8046.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe
ProgID = AS9c5_8046.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Home Security Solutions = “%AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
HSS = “%Temp%\scandsk211d_8046.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Antivirus Smart Protection (Rogue.Win32.AntivirusSmartProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Malware Protection Center Rogue Removal Instructions

emsi — Tue, 24 Jan 2012 14:27:18 +0000

The Emsisoft malware research team has discovered a new outbreak of the Malware Protection Center. Emsisoft Anti-Malware detects this malware as Rogue.Win32.MalwareProtectionCenter.

Malware Protection Center is a rogue scanner application, another variant of Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\MPCSys\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\73.mof
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\MP5c6_8040.exe
%AllUsersProfile%\Application Data\5c678c\MPC.ico
%AllUsersProfile%\Application Data\MPJCENSJC\
%AllUsersProfile%\Application Data\MPJCENSJC\MPSJQIC.cfg
%AppData%\Malware Protection Center\
%AppData%\Malware Protection Center\cookies.sqlite
%AppData%\Malware Protection Center\Instructions.ini
%AppData%\Microsoft\Internet Explorer\Quick Launch\Malware Protection Center.lnk
%UserProfile%\Desktop\Malware Protection Center.lnk
%UserProfile%\Start Menu\Malware Protection Center.lnk
%UserProfile%\Start Menu\Programs\Malware Protection Center.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\MP5c6_8040.exe
ProgID = MP5c6_8040.DocHostUIHandler
HKEY_LOCAL_MACHINE\Software\Classes\MP5c6_8040.DocHostUIHandler\
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Malware Protection Center = “%AllUsersProfile%\Application Data\5c678c\MP5c6_8040.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
MPC = “%Temp%\setup.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB 
K7LY-H4KA-SI9D-U2FD 
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Malware Protection Center (Rogue.Win32.MalwareProtectionCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Smart Protection 2012 Rogue Removal Instructions

emsi — Mon, 23 Jan 2012 13:52:18 +0000

The Emsisoft malware research team has discovered a new outbreak of the Smart Protection 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SmartProtection2012.

Smart Protection 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\
%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E
%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe
%UserProfile%\Desktop\Smart Protection 2012.lnk
%UserProfile%\Start Menu\Programs\Smart Protection 2012\
%UserProfile%\Start Menu\Programs\Smart Protection 2012\Smart Protection 2012.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
B7E85B320179A6C600266C1CD151FC4E = %AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\
DisplayName = Smart Protection 2012
ShortcutPath = “%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe” Uninstall
UninstallString = “%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe” Uninstall
DisplayIcon = %AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe,0

Screenshots:

To register this rogue application, you can use any email and try the following serial number:

AA39754E-715219CE

How to remove the infection of Smart Protection 2012 (Rogue.Win32.SmartProtection2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Internet Security 2012 Rogue Removal Instructions

emsi — Mon, 23 Jan 2012 12:56:37 +0000

The Emsisoft malware research team has discovered a new outbreak of the Internet Security 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.InternetSecurity2012.

Internet Security 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\isecurity.exe
%AllUsersProfile%\Desktop\Internet Security 2012.lnk
%UserProfile%\Start Menu\Internet Security 2012.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Internet Security 2012 = %AllUsersProfile%\Desktop\Internet Security 2012.lnk

Screenshots:

To register this rogue application, you can use any email and try the following serial number:

Y86REW-T75FD5-U9VBF4A

How to remove the infection of Internet Security 2012 (Rogue.Win32.InternetSecurity2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Internet Security Guard Rogue Removal Instructions

emsi — Mon, 16 Jan 2012 13:19:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Internet Security Guard. Emsisoft Anti-Malware detects this malware as Rogue.Win32.InternetSecurityGuard.

Internet Security Guard is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\ISGSys\
%AllUsersProfile%\Application Data\5c678c\5285.mof
%AllUsersProfile%\Application Data\5c678c\IS5c6_8027.exe
%AllUsersProfile%\Application Data\5c678c\ISG.ico
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\ISVLVYG\
%AllUsersProfile%\Application Data\ISVLVYG\ISVJG.cfg
%AppData%\Internet Security Guard\
%AppData%\Internet Security Guard\Instructions.ini
%AppData%\Internet Security Guard\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk
%UserProfile%\Desktop\Internet Security Guard.lnk
%UserProfile%\Start Menu\Internet Security Guard.lnk
%UserProfile%\Start Menu\Programs\Internet Security Guard.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
(Default) = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\IS5c6_8027.exe
ProgID = IS5c6_8027.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\Classes\IS5c6_8027.DocHostUIHandler
(Default) = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Home Security Solutions = “%AllUsersProfile%\Application Data\5c678c\IS5c6_8027.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
HSS = “%Temp%\%malwarefile%.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB
K7LY-H4KA-SI9D-U2FD
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Internet Security Guard (Rogue.Win32.InternetSecurityGuard)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Check Rogue Removal Instructions

emsi — Mon, 02 Jan 2012 06:46:47 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Check rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SystemCheck.

System Check is a rogue application, another variant of System Fix, System Restore, Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\[random].exe
%AllUsersProfile%\Application Data\[random].exe
%AllUsersProfile%\Application Data\~[random]
%AllUsersProfile%\Application Data\~[random]r
%AllUsersProfile%\Application Data\[random]
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
%UserProfile%\Desktop\System Check.lnk
%Temp%\3.tmp
%Temp%\smtmp\
%Temp%\smtmp\2\
%Temp%\smtmp\4\
%Temp%\smtmp\1\
%UserProfile%\Start Menu\Programs\System Check\
%UserProfile%\Start Menu\Programs\System Check\Uninstall System Check.lnk
%UserProfile%\Start Menu\Programs\System Check\System Check.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr = 01000000

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
[random].exe = %AllUsersProfile%\Application Data\[random].exe

HKEY_CURRENT_USER\Control Panel\
nsreg = F82D014F

HKEY_CURRENT_USER\Control Panel\
bin = 43003A005C0044006F006…

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Main\
Use FormSuggest = Yes

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden = (empty)
ShowSuperHidden = (empty)
TaskbarGlomming = (empty)
TaskbarGlomLevel = 02000000
Start_ShowControlPanel = (empty)

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
HidNoChangingWallPaperden = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypess = .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi; .mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation = 01000000

HKEY_CURRENT_USER\softare\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr = 01000000

Screenshots:

To register and uninstall this rogue application, you can try the following serial number, and enter any email:

1203978628012489708290478989147

How to remove the infection of System Check (Rogue.Win32.SystemCheck)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Super AV Rogue Removal Instructions

emsi — Fri, 30 Dec 2011 08:30:20 +0000

The Emsisoft malware research team has discovered a new outbreak of the Super AV. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SuperAV.

Super AV is a rogue application, this is another variant of Antivirii 2011. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemDrive%\xhergjui.exe
%SystemRoot%\bgmgfhpi.exe

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
Security = %SystemRoot%\bgmgfhpi.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = %SystemDrive%\xhergjui.exe

Screenshots:

How to remove the infection of Super AV (Rogue.Win32.SuperAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Home Security Solutions Rogue Removal Instructions

emsi — Mon, 26 Dec 2011 05:27:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Home Security Solutions. Emsisoft Anti-Malware detects this malware as Rogue.Win32.HomeSecuritySolutions.

Home Security Solutions is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\93d79\
%AllUsersProfile%\Application Data\93d79\Quarantine Items\
%AllUsersProfile%\Application Data\93d79\HSSSys\
%AllUsersProfile%\Application Data\93d79\HSS.ico
%AllUsersProfile%\Application Data\93d79\mozcrt19.dll
%AllUsersProfile%\Application Data\93d79\sqlite3.dll
%AllUsersProfile%\Application Data\93d79\HS147.exe
%AllUsersProfile%\Application Data\HSMGPBWS\
%AllUsersProfile%\Application Data\HSMGPBWS\HSVNAS.cfg
%AppData%\Home Security Solutions\
%AppData%\Home Security Solutions\Instructions.ini
%AppData%\Home Security Solutions\ScanDisk_.exe
%AppData%\Home Security Solutions\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Security Solutions.lnk
%UserProfile%\Desktop\Home Security Solutions.lnk
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\delfile.dll
%UserProfile%\Recent\dudl.tmp
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FW.drv
%UserProfile%\Recent\gid.tmp
%UserProfile%\Recent\hymt.sys
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\pal.exe
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Start Menu\Home Security Solutions.lnk
%UserProfile%\Start Menu\Programs\Home Security Solutions.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
(Default) = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\93d79\HS147.exe
ProgID = HS147.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\Classes\HS147.DocHostUIHandler
(Default) = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun = 01000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\
0 = msseces.exe
1 = MSASCui.exe
2 = ekrn.exe
3 = egui.exe
4 = avgnt.exe
5 = avcenter.exe
6 = avscan.exe
7 = avgfrw.exe
8 = avgui.exe
9 = avgtray.exe
10 = avgscanx.exe
11 = avgcfgex.exe
12 = avgemc.exe
13 = avgchsvx.exe
14 = avgcmgr.exe
15 = avgwdsvc.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Home Security Solutions = “%AllUsersProfile%\Application Data\93d79\HS147.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
HSS = “%Temp%\scandsk211d_8016.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB
K7LY-H4KA-SI9D-U2FD
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Home Security Solutions (Rogue.Win32.HomeSecuritySolutions)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Monitor 2012 Rogue Removal Instructions

emsi — Wed, 14 Dec 2011 13:45:10 +0000

The Emsisoft malware research team has discovered a new outbreak of the Security Monitor 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SecurityMonitor2012.

Security Monitor 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Microsoft\Internet Explorer\Quick Launch\Security Monitor.lnk
%AppData%\Security Monitor\
%AppData%\Security Monitor\IcoHelp.ico
%AppData%\Security Monitor\IcoUninstall.ico
%AppData%\Security Monitor\Security Monitor.exe
%AppData%\Security Monitor\securityhelper.exe
%AppData%\Security Monitor\securitymanager.exe
%AppData%\Security Monitor\IcoActivate.ico
%UserProfile%\Desktop\Security Monitor.lnk
%Temp%\aqfitrlxi2.exe
%Temp%\backd-efq.exe
%Temp%\brdss.exe
%Temp%\bzqa43d.exe
%Temp%\cffd4.exe
%Temp%\cocksucker.exe
%Temp%\cosock.exe
%Temp%\cowceb.exe
%Temp%\cunifuc.exe
%Temp%\d20mes.exe
%Temp%\dc_3.exe
%Temp%\dd10x10.exe
%Temp%\ddoll3342.exe
%Temp%\destroyer.exe
%Temp%\dffuck.exe
%Temp%\dkfjd93.exe
%Temp%\ds7hw.exe
%Temp%\eelnvd13.exe
%Temp%\exppdf_w.exe
%Temp%\fadz43.exe
%Temp%\fe.exe
%Temp%\format.exe
%Temp%\g_dx234.exe
%Temp%\ggwwef9752.exe
%Temp%\gpupz2a.exe
%Temp%\hhbboll_2.exe
%Temp%\hiphop.exe
%Temp%\hodeme.exe
%Temp%\htfad4.exe
%Temp%\hvipws9.exe
%Temp%\jdhellwo3.exe
%Temp%\jkfuckfu.exe
%Temp%\jofcdks.exe
%Temp%\kjdh_gf_jjdhgd.exe
%Temp%\kjh102k3.exe
%Temp%\kn.a.exe
%Temp%\kock.exe
%Temp%\ljts-23.exe
%Temp%\lkhgg_ea.exe
%Temp%\lols.exe
%Temp%\ploper.exe
%Temp%\poertd.exe
%Temp%\ppddfcfux.exxe
%Temp%\protector2.exe
%Temp%\pswwg3c.exe
%Temp%\puzpup.exe
%Temp%\qwedvor.exe
%Temp%\qwklrvjhqlkj.exe
%Temp%\r0life.exe
%Temp%\rator.exe
%Temp%\rtfme.exe
%Temp%\safe.exe
%Temp%\snowif.exe
%Temp%\sycre.exe
%Temp%\timem.exe
%Temp%\tryh-blv.exe
%Temp%\w32-reno-c.exe
%Temp%\w32rim_mem.exe
%Temp%\warsddd_w.exe
%Temp%\wefgetn_00.exe
%Temp%\wined.exe
%Temp%\winifi.exe
%Temp%\wrcud12.exe
%Temp%\wrfwe_di.exe
%Temp%\wwautrsd.exe
%Temp%\wwwsssgen.exe
%Temp%\_2.tmp
%Temp%\1iowieoo.exe
%Temp%\02c9c3c35bdx5.exe
%Temp%\8gmsed-bd.exe
%Temp%\17dkf.exe
%Temp%\472a10e2ebxd9.exe
%Temp%\56493.exe
%Temp%\ae0965a7157cd.exe
%Temp%\al3erfa3.exe
%Temp%\alerfa.exe
%Temp%\alerfa2.exe
%Temp%\altedf.exe
%UserProfile%\Start Menu\Programs\Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\
%UserProfile%\Start Menu\Programs\Security Monitor\Help Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\How to Activate Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\Activate Security Monitor.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Security Monitor = “%AppData%\Security Monitor\Security Monitor.exe” /STARTUP
Security Monitor 2012 Security = %AppData%\Security Monitor\securitymanager.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Security Monitor\
DisplayName = Security Monitor
UninstallString = “%AppData%\Security Monitor\securityhelper.exe” /UNINSTALL
DisplayIcon = “%AppData%\Security Monitor\securityhelper.exe”,1

HKEY_CURRENT_USER\software\Security Monitor\
(Default) = %AppData%\Security Monitor
BuyUrl = B65B17E3F9DA41446905D3BE0E550632B225D0DB132371E38F96D84D2B2F05B40CF125…
uninstaller = %AppData%\Security Monitor\securityhelper.exe
ADVid = 390
InstallDir = %AppData%\Security Monitor\
SoftID = Security Monitor
ScanSystemOnStartup = 01000000
AutomaticallyUpdates = 01000000
BackgroundScan = 01000000
BackgroundScanTimeout = 01000000
tb = DB070C0003000E000D00090015002202
InstNM =%AppData%\Security Monitor\Security Monitor.exe
LastTimeStamp = FD000000
LastUpdateDate = 2011/11/23

Screenshots:

How to remove the infection of Security Monitor 2012 (Rogue.Win32.SecurityMonitor2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

XP Antivirus 2012 (MultiFakeAV) Rogue Removal Instructions

emsi — Tue, 29 Nov 2011 13:51:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the XP Antivirus 2012 (MultiFakeAV). Emsisoft Anti-Malware detects this malware as Rogue.Win32.MultiFakeAV.

XP Antivirus 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. This rogue scanner program able to change their name depend on the operating system, on Windows 7 for example, the name is “Win 7 Antispyware 2012“.

Create new files:

%AllUsersProfile%\Application Data\157850g1p046c522p184r5dtv4q8
%AppData%\157850g1p046c522p184r5dtv4q8
%Temp%\157850g1p046c522p184r5dtv4q8
%UserProfile%\Templates\157850g1p046c522p184r5dtv4q8
%UserProfile%\Local Settings\Application Data\%random%.exe

Create/modify new registry entries:

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”

HKEY_CLASSES_ROOT\.exe
(Default) = exefile

HKEY_CLASSES_ROOT\.exe\
Content Type = application/x-msdownload
DefaultIcon = %1

HKEY_CLASSES_ROOT\.exe\shell\open\command
(Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\.exe\shell\runas\command
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\exefile
(Default) = Application
Content Type = application/x-msdownload
DefaultIcon = %1

HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\exefile\shell\runas\command
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

3425-814615-3990

How to remove the infection of XP Antivirus 2012 (MultiFakeAV) (Rogue.Win32.MultiFakeAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Cloud AV 2012 Rogue Removal Instructions

emsi — Fri, 25 Nov 2011 06:54:00 +0000

The Emsisoft malware research team has discovered a new outbreak of the Cloud AV 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.CloudAV2012.

Cloud AV 2011 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

The following is another variant of AV Protection 2011:

Create new files:

%ProgramFiles%\4DA54\
%ProgramFiles%\4DA54\lvvm.exe
%ProgramFiles%\LP\
%ProgramFiles%\LP\41F5\
%ProgramFiles%\LP\41F5\9.tmp
%ProgramFiles%\LP\41F5\18.tmp
%ProgramFiles%\LP\41F5\A.tmp
%ProgramFiles%\LP\41F5\C29.exe
%SystemRoot%\system32\Cloud AV 2012v121.exe
%AppData%\ahst.lni
%AppData%\dwme.exe
%AppData%\50C4D\
%AppData%\50C4D\57741.exe
%AppData%\50C4D\DA54.0C4
%AppData%\z8gTZqhYCkVlNx0\
%AppData%\DaQH6sWK7R9TqUe\
%AppData%\uS2ibF3pn5Q6W8R\
%AppData%\XZqjYCekIr\
%UserProfile%\Desktop\Cloud AV 2012.lnk
%Temp%\8.tmp
%Temp%\dwme.exe
%UserProfile%\Start Menu\Programs\Cloud AV 2012\
%UserProfile%\Start Menu\Programs\Cloud AV 2012\Cloud AV 2012.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
fgRZ9hYXwUeOtPy8234A = %SystemRoot%\system32\Cloud AV 2012v121.exe
pIBrzPNyx1v2b4m = %AppData%\dwme.exe
C29.exe = %ProgramFiles%\LP\41F5\C29.exe

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\
Start = 0×00000003

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = explorer.exe,%AppData%\50C4D\57741.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of Cloud AV 2012 (Rogue.Win32.CloudAV2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Protection 2011 Rogue Removal Instructions

emsi — Wed, 23 Nov 2011 16:48:57 +0000

The Emsisoft malware research team has discovered a new outbreak of the AV Protection 2011. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AVProtection2011.

AV Protection 2011 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

The following is another variant of AV Protection 2011:

Create new files and folders:

%ProgramFiles%\4DA54\
%ProgramFiles%\4DA54\lvvm.exe
%ProgramFiles%\LP\
%ProgramFiles%\LP\41F5\
%ProgramFiles%\LP\41F5\17.tmp
%ProgramFiles%\LP\41F5\18.tmp
%ProgramFiles%\LP\41F5\19.tmp
%ProgramFiles%\LP\41F5\C29.exe
%SystemRoot%\system32\AV Protection 2011v121.exe
%AppData%\dwme.exe
%AppData%\ldr.ini
%AppData%\50C4D\
%AppData%\50C4D\DA54.0C4
%AppData%\50C4D\57741.exe
%AppData%\fJ6dEK8fR9YwUeO\
%AppData%\gkIVrlONtAuSiFp\
%AppData%\hP0ycS1iv3n4m6W\
%AppData%\XP0ucS1ib3n4Q6W\
%UserProfile%\Desktop\AV Protection 2011.lnk
%Temp%\dwme.exe
%Temp%\1A.tmp
%Temp%\16.tmp
%UserProfile%\Start Menu\Programs\AV Protection 2011\
%UserProfile%\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
jD2onF4pm5W7E8T8234A = %SystemRoot%\system32\AV Protection 2011v121.exe
AG5aQJ6dW8R9TwU = %AppData%\dwme.exe
C29.exe = %ProgramFiles%\LP\41F5\C29.exe

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\
Start = 03000000

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = explorer.exe,%AppData%\50C4D\57741.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of AV Protection 2011 (Rogue.Win32.AVProtection2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Fix Rogue Removal Instructions

emsi — Tue, 15 Nov 2011 09:31:34 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Fix rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SystemFix.

System Fix is a rogue application, another variant of System Restore, Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\[random]
%AllUsersProfiles%\Application Data\[random].exe
%AllUsersProfiles%\Application Data\[random].exe
%AllUsersProfiles%\Application Data\~[random]
%AllUsersProfiles%\Application Data\~[random]
%AllUsersProfiles%\Local Settings\Temp\37dbffa0005fc824.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
%UserProfile%\Desktop\System Fix.lnk
%Temp%\36.tmp
%Temp%\ulN4aaevqp3o76.exe.tmp
%Temp%\smtmp\
%Temp%\smtmp\1\
%Temp%\smtmp\2\
%Temp%\smtmp\4\
%UserProfile%\Start Menu\Programs\System Fix\
%UserProfile%\Start Menu\Programs\System Fix\System Fix.lnk
%UserProfile%\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
[random]: %AllUsersProfiles%\Local Settings\Temp\37dbffa0005fc824.exe

HKEY_CURRENT_USER\Control Panel\
nsreg: 0010C24E
bin: 43003A005C0044006F00630075006D006500…

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001
HidNoChangingWallPaperden: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;
.mp3;.m3u;.wav;.scr;”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

HTTP Requests:

ld2repgnifnmgfk.com
85.121.39.27
galaxyadvanta.com
pubidviseron.com
subishiphil.com

Screenshots:

To register and uninstall this rogue application, you can try the following serial number, and enter any email:

1203978628012489708290478989147

How to remove the infection of System Fix (Rogue.Win32.SystemFix)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Security 2012 Adware Removal Instructions

emsi — Thu, 10 Nov 2011 13:05:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the AV Security 2012. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVSecurity2012.

AV Security 2012 is a rogue application. This is another variant of System Security 2011, AV Protection Online, Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\AV Security 2012v121.exe
%AppData%\ldr.ini
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\AV Security 2012.ico
%AppData%\[random]\
%UserProfile%\Desktop\AV Security 2012.lnk
%UserProfile%\Local Settings\Temp\B.tmp
%UserProfile%\Start Menu\Programs\AV Security 2012\
%UserProfile%\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“[random]=%SystemRoot%\system32\AV Security 2012v121.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of AV Security 2012 (Adware.Win32.AVSecurity2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Privacy Protection Adware Removal Instructions

emsi — Mon, 07 Nov 2011 09:23:52 +0000

The Emsisoft malware research team has discovered a new outbreak of the Privacy Protection. Emsisoft Anti-Malware detects this malware as Adware.Win32.PrivacyProtection.

Privacy Protection is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\privacy.exe
%AllUsersProfiles%\Desktop\Privacy Protection.lnk
%Temp%\6C.tmp

Create new registry entries:

HKEY_CURRENT_USER\Software\EFF9375FC10561A906A809B93DD5038F
FRun=”0″
O`ld=”Qshw`bx!Qsnudbuhno”
Q`ui=”B;]Enbtldour!`oe!Rduuhofr]@mm!Trdsr]@qqmhb`uhno!E…”

HKEY_CURRENT_USER|\Software\Microsoft\Windows\CurrentVersion\Run
Privacy Protection = %AllUsersProfiles%\Application Data\privacy.exe

Screenshots:

How to remove the infection of Privacy Protection (Adware.Win32.PrivacyProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Security 2011 Adware Removal Instructions

emsi — Mon, 24 Oct 2011 02:57:03 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Security 2011. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemSecurity2011.

System Security 2011 is a rogue application. This is another variant of AV Protection Online, Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\[random].exe
%AppData%\ldr.ini
%AppData%\svhostu.exe
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\System Security 2011.ico
%AppData%\[random]\
%UserProfile%\Desktop\System Security 2011.lnk
%UserProfile%\Local Settings\Temp\B.tmp
%UserProfile%\Local Settings\Temp\svhostu.exe
%UserProfile%\Start Menu\Programs\System Security 2011\
%UserProfile%\Start Menu\Programs\System Security 2011\System Security 2011.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
(String) [random] = %SystemRoot%\system32\[random].exe
(String) [random] = %AppData%\svhostu.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of System Security 2011 (Adware.Win32.SystemSecurity2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Protection Online Adware Removal Instructions

emsi — Wed, 19 Oct 2011 16:54:07 +0000

The Emsisoft malware research team has discovered a new outbreak of the AV Protection Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVProtectionOnline.

AV Protection Online is a rogue application. This is another variant of Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\[random].exe
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\AV Protection Online.ico
%AppData%\ldr.ini
%AppData%\svhostu.exe
%UserProfile%\Desktop\AV Protection Online.lnk
%UserProfile%\Local Settings\Temp\svhostu.exe
%UserProfile%\Local Settings\Temp\B.tmp
%UserProfile%\Start Menu\Programs\AV Protection Online\
%UserProfile%\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
(String) [random] = %SystemRoot%\system32\[random].exe
(String) [random] = %UserProfile%\Local Settings\Temp\svhostu.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of AV Protection Online (Adware.Win32.AVProtectionOnline)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Cloud Protection Adware Removal Instructions

emsi — Wed, 12 Oct 2011 15:29:01 +0000

The Emsisoft malware research team has discovered a new outbreak of the Cloud Protection. Emsisoft Anti-Malware detects this malware as Adware.Win32.CloudProtection.

Cloud Protection is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%ProgramFiles%\Internet Explorer\BE.tmp
%SystemRoot%\system32\%random%.exe
%AppData%\svhostu.exe
%AppData%\ldr.ini
%AppData%\%random%\
%AppData%\%random%\
%AppData%\%random%\
%AppData%\%random%\Cloud Protection.ico
%AppData%\%random%\
%UserProfile%\Desktop\Cloud Protection.lnk
%UserProfile%\Local Settings\Temp\BF.tmp
%UserProfile%\Local Settings\Temp\C1.tmp
%UserProfile%\Local Settings\Temp\svhostu.exe
%UserProfile%\Start Menu\Programs\Cloud Protection\
%UserProfile%\Start Menu\Programs\Cloud Protection\Cloud Protection.lnk
%UserProfile%\Start Menu\Programs\Startup\crss.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“%random%=C:\WINDOWS\system32\%random%.exe”
“%random%=%UserProfile%\Local Settings\Temp\svhostu.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of Cloud Protection (Adware.Win32.CloudProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Guard Online Adware Removal Instructions

emsi — Wed, 12 Oct 2011 09:07:51 +0000

The Emsisoft malware research team has discovered a new outbreak of the Guard Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.GuardOnline.

Guard Online is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%ProgramFiles%\Internet Explorer\5C.tmp
%SystemRoot%\system32\%random%.exe
%AppData%\ldr.ini
%AppData%\%random%\
%AppData%\%random%\
%AppData%\%random%\Guard Online .ico
%AppData%\%random%\
%UserProfile%\Desktop\Guard Online .lnk
%UserProfile%\Local Settings\Temp\DX5B.tmp
%UserProfile%\Local Settings\Temp\DX5B.tmp.exe
%UserProfile%\Local Settings\Temp\5D.tmp
%UserProfile%\Start Menu\Programs\Guard Online\
%UserProfile%\Start Menu\Programs\Startup\crss.exe

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“%random%=%SystemRoot%\system32\%random%.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of Guard Online (Adware.Win32.GuardOnline)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Restore Adware Removal Instructions

emsi — Wed, 12 Oct 2011 08:54:26 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemRestore.

System Restore is a rogue application, another variant of Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Desktop\System Restore.lnk
%UserProfile%\Local Settings\Temp\smtmp\
%UserProfile%\Local Settings\Temp\smtmp\1\
%UserProfile%\Local Settings\Temp\smtmp\2\
%UserProfile%\Local Settings\Temp\smtmp\4\
%UserProfile%\Start Menu\Programs\System Restore\
%UserProfile%\Start Menu\Programs\System Restore\System Restore.lnk
%UserProfile%\Start Menu\Programs\System Restore\Uninstall System Restore.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;
.mp3;.m3u;.wav;.scr;”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try the following serial number, and enter any email:

1203978628012489708290478989147

How to remove the infection of System Restore (Adware.Win32.SystemRestore)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Guard Online Adware Removal Instructions

emsi — Thu, 06 Oct 2011 06:09:56 +0000

The Emsisoft malware research team has discovered a new outbreak of the AV Guard Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVGuardOnline.

AV Guard Online is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\W1ivD3onFaHsJfL.exe
%SystemRoot%\system32\lvvm.exe
%AppData%\zA0uvS2ib3m5Q6EAV Guard Online.ico
%AppData%\conhost.exe
%AppData%\csrss.exe
%AppData%\E84E.1B6
%AppData%\ldr.ini
%AppData%\VwjUVelIBz0c\
%AppData%\zA0uvS2ib3m5Q6E\
%AppData%\nTZqjYCwkVzN\
%AppData%\Microsoft\csrss.exe
%UserProfile%\Desktop\AV Guard Online.lnk
%Temp%\4F.tmp
%Temp%\53.tmp
%Temp%\54.tmp
%Temp%\55.tmp
%UserProfile%\Start Menu\Programs\AV Guard Online\
%UserProfile%\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\W1ivD3onFaHsJfL.exe”

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“conhost=%AppData%\Microsoft\csrss.exe”

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings
“ProxyEnable=00000001″

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
“ProxyEnable=00000001″

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
“ProxyServer=http=127.0.0.1:53717″

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
“DefaultConnectionSettings=3C0000000B0000000…”

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
“SavedLegacySettings=3C0000006B0000000…”

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
“%RANDOM%=%AppData%\csrss.exe”

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows
“Load=%SystemRoot%\system32\lvvm.exe”

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
“Shell=explorer.exe,%AppData%\conhost.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of AV Guard Online (Adware.Win32.AVGuardOnline)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Guard 2012 Adware Removal Instructions

emsi — Thu, 06 Oct 2011 05:50:54 +0000

The Emsisoft malware research team has discovered a new outbreak of the Security Guard 2012. Emsisoft Anti-Malware detects this malware as Adware.Win32.SecurityGuard2012.

Security Guard 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\s4aQH6dWKfLhXjC.exe
%AppData%\livD2onF4Security Guard 2012.ico
%AppData%\GUVrlOBtx0c1b3n\
%AppData%\iXwjUCelItPyA\
%AppData%\livD2onF4\
%AppData%\ldr.ini
%UserProfile%\Desktop\Security Guard 2012.lnk
%Temp%\16.tmp
%UserProfile%\Start Menu\Programs\Security Guard 2012\
%UserProfile%\Start Menu\Programs\Security Guard 2012\Security Guard 2012.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
(String) OlIBrzPNyAuDoFp8234A = %SystemRoot%\system32\s4aQH6dWKfLhXjC.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of Security Guard 2012 (Adware.Win32.SecurityGuard2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Sphere 2012 Removal Instructions

emsi — Mon, 03 Oct 2011 12:04:48 +0000

The Emsisoft malware research team has discovered a new outbreak of the Security Sphere 2012. Emsisoft Anti-Malware detects this malware as Trojan.Win32.SecuritySphere.

Security Sphere 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\%random%\
%AllUsersProfiles%\Application Data\%random%\%random%
%AllUsersProfiles%\Application Data\%random%\%random%.exe

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\%random%
(String) “%AllUsersProfiles%\Application Data\%random%\%random%.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

8945315-6548431

How to remove the infection of Security Sphere 2012 (Trojan.Win32.SecuritySphere)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Data Restore Adware Removal Instructions

emsi — Mon, 03 Oct 2011 11:38:43 +0000

The Emsisoft malware research team has discovered a new outbreak of the Data Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DataRestore.

Data Restore is a rogue application, another variant of Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Desktop\Data Restore.lnk
%UserProfile%\Local Settings\Temp\smtmp\
%UserProfile%\Local Settings\Temp\smtmp\1\
%UserProfile%\Local Settings\Temp\smtmp\2\
%UserProfile%\Local Settings\Temp\smtmp\4\
%UserProfile%\Start Menu\Programs\Data Restore\
%UserProfile%\Start Menu\Programs\Data Restore\Data Restore.lnk
%UserProfile%\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;
.mp3;.m3u;.wav;.scr;”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of Data Restore (Adware.Win32.DataRestore)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Total Protect Adware Removal Instructions

emsi — Fri, 23 Sep 2011 16:50:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Total Protect adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.TotalProtectAV.

Total Protect is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

%UserProfile%\Application Data\RtlDriver32.exe

Create new registry entry:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
(String) {56321-2157-3235-3211} = %UserProfile%\Application Data\RtlDriver32.exe

Screenshots:

How to remove the infection of Total Protect (Adware.Win32.TotalProtectAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Data Recovery Adware Removal Instructions

emsi — Thu, 15 Sep 2011 07:27:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the Data Recovery adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DataRecovery.

Data Recovery is a rogue application, another variant of System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Desktop\Data Recovery.lnk
%UserProfile%\Local Settings\Temp\smtmp\
%UserProfile%\Local Settings\Temp\smtmp\1\
%UserProfile%\Local Settings\Temp\smtmp\2\
%UserProfile%\Local Settings\Temp\smtmp\4\
%UserProfile%\Start Menu\Programs\Data Recovery\
%UserProfile%\Start Menu\Programs\Data Recovery\Data Recovery.lnk
%UserProfile%\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;
.mp3;.m3u;.wav;.scr;”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of Data Recovery (Adware.Win32.DataRecovery)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

OpenCloud Security Adware Removal Instructions

emsi — Mon, 05 Sep 2011 06:38:35 +0000

The Emsisoft malware research team has discovered a new outbreak of the OpenCloud Security adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.OpenCloudSecurity.

OpenCloud Security is a rogue application, another variant of OpenCloud Antivirus. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Application Data\OpenCloud Security\
%UserProfile%\Application Data\OpenCloud Security\OpenCloud Security.ico
%UserProfile%\Application Data\OpenCloud Security\wf.conf
%UserProfile%\Application Data\OpenCloud Security\OpenCloud Security.exe
%UserProfile%\Desktop\OpenCloud Security.lnk
%UserProfile%\Local Settings\Temp\1.tmp
%UserProfile%\Start Menu\Programs\OpenCloud Security\
%UserProfile%\Start Menu\Programs\OpenCloud Security\OpenCloud Security.lnk

Screenshots:

How to remove the infection of OpenCloud Security (Adware.Win32.OpenCloudSecurity)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Recovery Adware Removal Instructions

emsi — Mon, 05 Sep 2011 06:28:03 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Recovery adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemRecovery.

System Recovery is a rogue application, another variant of Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\System Recovery.lnk
%UserProfile%\Desktop\System Recovery.lnk
%UserProfile%\Local Settings\Temp\tmp1914.tmp
%UserProfile%\Start Menu\Programs\System Recovery\
%UserProfile%\Start Menu\Programs\System Recovery\System Recovery.lnk
%UserProfile%\Start Menu\Programs\System Recovery\Uninstall System Recovery.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of System Recovery (Adware.Win32.SystemRecovery)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Master Utilities Adware Removal Instructions

emsi — Mon, 05 Sep 2011 06:21:37 +0000

The Emsisoft malware research team has discovered a new outbreak of the Master Utilities adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.MasterUtilities.

Master Utilities is a rogue application, another variant of PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Master Utilities.lnk
%UserProfile%\Desktop\Master Utilities.lnk
%UserProfile%\Local Settings\Temp\tmp7CC8.tmp
%UserProfile%\Start Menu\Programs\Master Utilities\
%UserProfile%\Start Menu\Programs\Master Utilities\Master Utilities.lnk
%UserProfile%\Start Menu\Programs\Master Utilities\Uninstall Master Utilities.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of Master Utilities (Adware.Win32.MasterUtilities)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PC Repair Adware Removal Instructions

emsi — Mon, 29 Aug 2011 20:11:15 +0000

The Emsisoft malware research team has discovered a new outbreak of the PC Repair adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.PCRepair.

PC Repair is a rogue application, another variant of HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Repair.lnk
%UserProfile%\Desktop\PC Repair.lnk
%UserProfile%\Local Settings\Temp\smtmp\
%UserProfile%\Local Settings\Temp\smtmp\4\
%UserProfile%\Local Settings\Temp\smtmp\1\
%UserProfile%\Local Settings\Temp\smtmp\2\
%UserProfile%\Start Menu\Programs\PC Repair\
%UserProfile%\Start Menu\Programs\PC Repair\PC Repair.lnk
%UserProfile%\Start Menu\Programs\PC Repair\Uninstall PC Repair.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of PC Repair (Adware.Win32.PCRepair)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

OpenCloud Antivirus Adware Removal Instructions

emsi — Mon, 29 Aug 2011 20:04:00 +0000

The Emsisoft malware research team has discoverd a new outbreak of the OpenCloud Antivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.OpenCloudAntivirus.

OpenCloud Antivirus is a rogue security program, this is a new variant of Wireshark Antivirus, SysAntivirus (alias Sysinternals Antivirus), XJR Antivirus, AKM Antivirus 2010 Pro and RTS Antivirus 2010. The maker of this rogue give it name as Sysinternals Antivirus. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%UserProfile%\Application Data\OpenCloud Antivirus\
%UserProfile%\Application Data\OpenCloud Antivirus\OpenCloud Antivirus.ico
%UserProfile%\Application Data\OpenCloud Antivirus\wf.conf
%UserProfile%\Application Data\OpenCloud Antivirus\OpenCloud Antivirus.exe
%UserProfile%\Desktop\OpenCloud Antivirus.lnk
%UserProfile%\Local Settings\Temp\1.tmp
%UserProfile%\Start Menu\Programs\OpenCloud Antivirus\
%UserProfile%\Start Menu\Programs\OpenCloud Antivirus\OpenCloud Antivirus.lnk

Screenshots:

How to remove the infection of OpenCloud Antivirus (Adware.Win32.OpenCloudAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

HDD Repair Adware Removal Instructions

emsi — Fri, 26 Aug 2011 21:40:48 +0000

The Emsisoft malware research team has discovered a new outbreak of the HDD Repair adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.HDDRepair.

HDD Repair is a rogue application, another variant of System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\HDD Repair.lnk
%UserProfile%\Desktop\HDD Repair.lnk
%UserProfile%\Local Settings\Temp\smtmp\
%UserProfile%\Local Settings\Temp\smtmp\4\
%UserProfile%\Local Settings\Temp\smtmp\1\
%UserProfile%\Local Settings\Temp\smtmp\2\
%UserProfile%\Start Menu\Programs\HDD Repair\
%UserProfile%\Start Menu\Programs\HDD Repair\HDD Repair.lnk
%UserProfile%\Start Menu\Programs\HDD Repair\Uninstall HDD Repair.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of HDD Repair (Adware.Win32.HDDRepair)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Home Safety Essentials Adware Removal Instructions

emsi — Fri, 19 Aug 2011 21:46:16 +0000

The Emsisoft malware research team has discovered a new outbreak of the Home Safety Essentials adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.HomeSafetyEssentials.

Home Safety Essentials is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. Home Safety Essentials will also create numerous harmless files on the infected computer, usually at Recent folder.

Create new files:

%AllUsersProfile%\Application Data\%random%\
%AllUsersProfile%\Application Data\%random%\Quarantine Items\
%AllUsersProfile%\Application Data\%random%\BackUp\
%AllUsersProfile%\Application Data\%random%\HSESys\
%AllUsersProfile%\Application Data\%random%\32.mof
%AllUsersProfile%\Application Data\%random%\HS73f_231.exe
%AllUsersProfile%\Application Data\%random%\HSE.ico
%AllUsersProfile%\Application Data\%random%\mozcrt19.dll
%AllUsersProfile%\Application Data\%random%\sqlite3.dll
%AllUsersProfile%\Application Data\HSKLURAFE\
%AllUsersProfile%\Application Data\HSKLURAFE\HSGRZHE.cfg
%UserProfile%\Application Data\Home Safety Essentials\
%UserProfile%\Application Data\Home Safety Essentials\cookies.sqlite
%UserProfile%\Application Data\Home Safety Essentials\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Home Safety Essentials.lnk
%UserProfile%\Desktop\Home Safety Essentials.lnk
%UserProfile%\Recent\SICKBOY.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\SM.exe
%UserProfile%\Recent\std.sys
%UserProfile%\Recent\tjd.dll
%UserProfile%\Recent\tjd.exe
%UserProfile%\Recent\cb.tmp
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\delfile.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\fix.drv
%UserProfile%\Recent\fix.sys
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\ppal.dll
%UserProfile%\Start Menu\Home Safety Essentials.lnk
%UserProfile%\Start Menu\Programs\Home Safety Essentials.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\: “HS73f_231.DocHostUIHandler”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\: “%AllUsersProfile%\APPLIC~1\73f1ad\HS73F_~1.EXE”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\: “Implements DocHostUIHandler”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HS73f_231.DocHostUIHandler\Clsid\: “{3F2BBC05-40DF-11D2-9455-00104BC936FF}”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HS73f_231.DocHostUIHandler\: “Implements DocHostUIHandler”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\Debugger: “svchost.exe”
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=231&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=231&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=231&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=231&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=231&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IIL: 0×00000000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ltHI: 0×00000000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ltTST: 0x0000F36B
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PRS: “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures: 0×00000001
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode: 0×00000000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=231&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun: 0×00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0: “msseces.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1: “MSASCui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2: “ekrn.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3: “egui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4: “avgnt.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5: “avcenter.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6: “avscan.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7: “avgfrw.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8: “avgui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9: “avgtray.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10: “avgscanx.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11: “avgcfgex.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12: “avgemc.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13: “avgchsvx.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14: “avgcmgr.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15: “avgwdsvc.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Home Safety Essentials: “”%AllUsersProfile%\Application Data\73f1ad\HS73f_231.exe” /s /d”

Screenshots:

How to remove the infection of Home Safety Essentials (Adware.Win32.HomeSafetyEssentials)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Repair Adware Removal Instructions

emsi — Fri, 19 Aug 2011 21:02:33 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Repair adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemRepair.

System Repair is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Desktop\System Repair.lnk
%UserProfile%\Local Settings\Temp\smtmp\
%UserProfile%\Local Settings\Temp\smtmp\4\
%UserProfile%\Local Settings\Temp\smtmp\1\
%UserProfile%\Local Settings\Temp\smtmp\2\
%UserProfile%\Start Menu\Programs\System Repair\
%UserProfile%\Start Menu\Programs\System Repair\System Repair.lnk
%UserProfile%\Start Menu\Programs\System Repair\Uninstall System Repair.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of System Repair (Adware.Win32.SystemRepair)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Protection Adware Removal Instructions

emsi — Fri, 19 Aug 2011 14:54:33 +0000

The Emsisoft malware research team has discovered a new outbreak of the Security Protection adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SecurityProtection.

Security Protection is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Security Protection: “%path%\defender.exe”

Screenshots:

How to remove the infection of Security Protection (Adware.Win32.SecurityProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

XP Home Security 2012 Adware Removal Instructions

emsi — Fri, 19 Aug 2011 12:56:12 +0000

The Emsisoft malware research team has discovered a new outbreak of the XP Home Security 2012 adware. Emsisoft Anti-Malware detects this malware as Trojan.Win32.MultiFakeAV.

XP Home Security 2012 is a rogue application. This rogue scanner able to change their name automatically depend on the Operating System, such as Win 7 Security 2012, XP Security 2012, etc. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\58c6oqb2mq8eoqvwqxnno
%UserProfile%\Local Settings\Application Data\nqe.exe
%UserProfile%\Local Settings\Application Data\58c6oqb2mq8eoqvwqxnno
%UserProfile%\Local Settings\Temp\58c6oqb2mq8eoqvwqxnno
%UserProfile%\Templates\58c6oqb2mq8eoqvwqxnno

Create/modify new registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
(DWORD) EnableFirewall = 0×00000000 (0)
(DWORD) DoNotAllowExceptions = 0×00000000 (0)
(DWORD) DisableNotifications = 0×00000001 (1)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
(DWORD) DoNotAllowExceptions = 0×00000000 (0)
(DWORD) DisableNotifications = 0×00000001 (1)

HKEY_CURRENT_USER\software\Clients\StartMenuInternet
(String) (Default) = IEXPLORE.EXE

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
(String) 2260413329 = %UserProfile%\Local Settings\Application Data\nqe.exe

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
(String) (Default) = “%UserProfile%\Local Settings\Application Data\nqe.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
(String) (Default) = “%UserProfile%\Local Settings\Application Data\nqe.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
(String) (Default) = “%UserProfile%\Local Settings\Application Data\nqe.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”

HKEY_LOCAL_MACHINE\software\microsoft\Security Center
(DWORD) AntiVirusDisableNotify = 0×00000001 (1)
(DWORD) AntiVirusOverride = 0×00000001 (1)
(DWORD) FirewallDisableNotify = 0×00000001 (1)
(DWORD) FirewallOverride = 0×00000001 (1)
(DWORD) UpdatesDisableNotify = 0×00000001 (1)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
(DWORD) Start = 0×00000004 (4)

Screenshots:

How to remove the infection of XP Home Security 2012 (Trojan.Win32.MultiFakeAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Wolfram Antivirus Adware Removal Instructions

emsi — Sat, 13 Aug 2011 16:53:11 +0000

The Emsisoft malware research team has discovered a new outbreak of the Wolfram Antivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WolframAntivirus.

Wolfram Antivirus is a rogue application, this is another variant of BlueFlare Antivirus A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Application Data\Wolfram Antivirus\
%UserProfile%\Application Data\Wolfram Antivirus\csrss.exe
%UserProfile%\Application Data\Wolfram Antivirus\wf.conf
%UserProfile%\Application Data\Wolfram Antivirus\Wolfram Antivirus.exe
%UserProfile%\Application Data\Wolfram Antivirus\Wolfram Antivirus.ico
%UserProfile%\Desktop\Wolfram Antivirus.lnk
%UserProfile%\Local Settings\Temp\1.tmp
%UserProfile%\Start Menu\Programs\Startup\csrss.exe
%UserProfile%\Start Menu\Programs\Wolfram Antivirus\Wolfram Antivirus.lnk

Screenshots:

How to remove the infection of Wolfram Antivirus (Adware.Win32.WolframAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Zentom System Guard Adware Removal Instructions

emsi — Fri, 05 Aug 2011 12:57:39 +0000

The Emsisoft malware research team has discovered a new outbreak of the Zentom System Guard adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ZentomSystemGuard.

Zentom System Guard is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\enemies-names.txt
%UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\hookdll.dll
%UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\local.ini
%UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\lsrslt.ini
%UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\onslik700patch.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
%UserProfile%\Desktop\Zentom System Guard.lnk
%UserProfile%\Start Menu\Zentom System Guard.lnk
%UserProfile%\Start Menu\Programs\Startup\Zentom System Guard.lnk
%UserProfile%\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
%UserProfile%\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
(String) onslik700patch.exe = “%UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\onslik700patch.exe”

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard
(String) DisplayIcon = %UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\onslik700patch.exe,0
(String) DisplayName = Zentom System Guard
(String) UninstallString = %UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\onslik700patch.exe /uninstall
(String) InstallLocation = %UserProfile%\Application Data\8E833AF3E1E0916F560FF368E03665CE\
(DWORD) NoModify = 0×00000001 (1)
(DWORD) NoRepair = 0×00000001 (1)

HKEY_CURRENT_USER\software\ZentomSystemGuard\Zentom System Guard
(String) datarl1 = KRoA…
(String) datarl2 = KRoA…
(String) datarlA = KRoA…
(String) install_time = 8/4/2011 8:48:44 PM
(String) database_version = 257
(String) virus_signatures = 62731
(String) inst = ok
(String) coid = NjE4…
(String) affid = 7070010200
(String) nsaftscann = 1
(String) nsa = 1
(String) nsaftscanunp = 1

Screenshots:

How to remove the infection of Zentom System Guard (Adware.Win32.ZentomSystemGuard)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

BlueFlare Antivirus Adware Removal Instructions

emsi — Fri, 05 Aug 2011 12:47:04 +0000

The Emsisoft malware research team has discovered a new outbreak of the BlueFlare Antivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.BlueFlareAntivirus.

BlueFlare Antivirus is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Application Data\BlueFlare Antivirus\BlueFlare Antivirus.exe
%UserProfile%\Application Data\BlueFlare Antivirus\BlueFlare Antivirus.ico
%UserProfile%\Application Data\BlueFlare Antivirus\csrss.exe
%UserProfile%\Application Data\BlueFlare Antivirus\ms.conf
%UserProfile%\Desktop\BlueFlare Antivirus.lnk
%UserProfile%\Local Settings\Temp\1.tmp
%UserProfile%\Start Menu\Programs\BlueFlare Antivirus\BlueFlare Antivirus.lnk
%UserProfile%\Start Menu\Programs\Startup\csrss.exe

Screenshots:

How to remove the infection of BlueFlare Antivirus (Adware.Win32.BlueFlareAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Armour Master Adware Removal Instructions

emsi — Sun, 24 Jul 2011 02:55:07 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Armour Master adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsArmourMaster.

Windows Armour Master is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9x206.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[1].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[2].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[3].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[4].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[5].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
(SZ)Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Armour Master (Adware.Win32.WindowsArmourMaster)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Armature Master Adware Removal Instructions

emsi — Sun, 24 Jul 2011 02:35:45 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Armature Master adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsArmatureMaster.

Windows Armature Master is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
(SZ) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9x206.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[1].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[2].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[3].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[4].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[5].exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
(SZ)Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
(SZ)Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Armature Master (Adware.Win32.WindowsArmatureMaster)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Debugging Agent Adware Removal Instructions

emsi — Sun, 24 Jul 2011 02:09:19 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Debugging Agent adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsDebuggingAgent.

Windows Debugging Agent is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Debugging Agent (Adware.Win32.WindowsDebuggingAgent)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Accurate Protector Adware Removal Instructions

emsi — Sun, 24 Jul 2011 01:58:17 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Accurate Protector adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAccurateProtector.

Windows Accurate Protector is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Internet Settings
(DWORD) WarnOnHTTPSToHTTPRedirect = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Accurate Protector (Adware.Win32.WindowsAccurateProtector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Shield Adware Removal Instructions

emsi — Sun, 24 Jul 2011 01:48:06 +0000

The Emsisoft malware research team has discoverd a new outbreak of the Security Shield adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SecurityShield.

Security Shield is a rogue application, this is another variant of Security Tool or Security Shield with different color scheme. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Local Settings\Application Data\%random%.exe
%UserProfile%\Start Menu\Programs\Security Shield.lnk

Screenshots:

How to remove the infection of Security Shield (Adware.Win32.SecurityShield)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Vulnerabilities Rescuer Adware Removal Instructions

emsi — Sat, 09 Jul 2011 08:46:58 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Vulnerabilities Rescuer adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsVulnerabilitiesRescuer.

Windows Vulnerabilities Rescuer is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Vulnerabilities Rescuer (Adware.Win32.WindowsVulnerabilitiesRescuer)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Test Master Adware Removal Instructions

emsi — Sat, 09 Jul 2011 08:36:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Test Master adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsTestMaster.

Windows Test Master is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Test Master (Adware.Win32.WindowsTestMaster)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Salvor Tool Adware Removal Instructions

emsi — Sat, 09 Jul 2011 08:28:54 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Salvor Tool adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSalvorTool.

Windows Salvor Tool is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Salvor Tool (Adware.Win32.WindowsSalvorTool)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Proofness Guarantor Adware Removal Instructions

emsi — Fri, 08 Jul 2011 19:31:13 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Proofness Guarantor adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsProofnessGuarantor.

Windows Proofness Guarantor is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Proofness Guarantor (Adware.Win32.WindowsProofnessGuarantor)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Debugging Center Adware Removal Instructions

emsi — Fri, 08 Jul 2011 19:20:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Debugging Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsDebuggingCenter.

Windows Debugging Center is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Debugging Center (Adware.Win32.WindowsDebuggingCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Inviolability System Adware Removal Instructions

emsi — Tue, 05 Jul 2011 09:52:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Inviolability System adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsInviolabilitySystem.

Windows Inviolability System is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Inviolability System (Adware.Win32.WindowsInviolabilitySystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows AV Component Adware Removal Instructions

emsi — Tue, 05 Jul 2011 09:45:16 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows AV Component adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAVComponent.

Windows AV Component is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows AV Component (Adware.Win32.WindowsAVComponent)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Antivirus System Adware Removal Instructions

emsi — Tue, 05 Jul 2011 09:36:23 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Antivirus System adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAntivirusSystem.

Windows Antivirus System is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Antivirus System (Adware.Win32.WindowsAntivirusSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Antispy Network Adware Removal Instructions

emsi — Tue, 05 Jul 2011 09:25:48 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Antispy Network adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAntispyNetwork.

Windows Antispy Network is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Antispy Network (Adware.Win32.WindowsAntispyNetwork)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Antidanger Center Adware Removal Instructions

emsi — Tue, 28 Jun 2011 16:16:52 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Antidanger Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAntidangerCenter.

Windows Antidanger Center is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Antidanger Center (Adware.Win32.WindowsAntidangerCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Accelerating Utility Adware Removal Instructions

emsi — Thu, 23 Jun 2011 12:05:58 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Accelerating Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAcceleratingUtility.

Windows Accelerating Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Accelerating Utility (Adware.Win32.WindowsAcceleratingUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Smart Security Adware Removal Instructions

emsi — Sat, 11 Jun 2011 05:09:45 +0000

The Emsisoft malware research team has discoverd a new outbreak of the System Smart Security adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemSmartSecurity.

System Smart Security is a rogue security software that show false warning messages and show misleading scan results, this is another variant from Smart Engine, Smart Security, My Security Shield, Security Master AV, My Security Engine, or CleanUP Antivirus. It will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

Create new files:

%AllUsersProfile%\Application Data\73f1ad\
%AllUsersProfile%\Application Data\73f1ad\SS73f_2121.exe
%AllUsersProfile%\Application Data\73f1ad\SSS.ico
%AllUsersProfile%\Application Data\73f1ad\Quarantine Items\
%AllUsersProfile%\Application Data\73f1ad\SSSSys\
%AllUsersProfile%\Application Data\SSXPJHOS\
%AllUsersProfile%\Application Data\SSXPJHOS\SSGRCS.cfg
%UserProfile%\Desktop\System Smart Security.lnk
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\fix.exe
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\runddl.exe
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\sld.drv
%UserProfile%\Recent\tjd.dll
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\cid.drv
%UserProfile%\Recent\ddv.drv
%UserProfile%\Start Menu\System Smart Security.lnk
%UserProfile%\Start Menu\Programs\System Smart Security.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\: “SS73f_2121.DocHostUIHandler”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\73f1ad\SS73F_~1.EXE”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\: “Implements DocHostUIHandler”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SS73f_2121.DocHostUIHandler\Clsid\: “{3F2BBC05-40DF-11D2-9455-00104BC936FF}”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SS73f_2121.DocHostUIHandler\: “Implements DocHostUIHandler”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\Debugger: “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\Debugger: “svchost.exe”
HKEY_USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=2121&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IIL: 0×00000000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ltHI: 0×00000000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ltTST: 0x00008BC3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PRS: “http://127.0.0.1:27777/?inj=%ORIGINAL%”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures: 0×00000001
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Enable: 0×00000001
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Size: 0x0000000A
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits: 0×00000064
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Factor: 0×00000014
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode: 0×00000000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=2121&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UID: “2121″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer: “http=127.0.0.1:25430″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\78690298603: “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Version/12.02121: “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun: 0×00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0: “msseces.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1: “MSASCui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2: “ekrn.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3: “egui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4: “avgnt.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5: “avcenter.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6: “avscan.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7: “avgfrw.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8: “avgui.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9: “avgtray.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10: “avgscanx.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11: “avgcfgex.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12: “avgemc.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13: “avgchsvx.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14: “avgcmgr.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15: “avgwdsvc.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\System Smart Security: “”%AllUsersProfile%\Application Data\73f1ad\SS73f_2121.exe” /s /d”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL: “http://findgala.com/?&uid=2121&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures: “no”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable: 0×00000001

Screenshots:

How to remove the infection of System Smart Security (Adware.Win32.SystemSmartSecurity)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Personal Shield Pro Adware Removal Instructions

emsi — Sat, 11 Jun 2011 04:22:23 +0000

The Emsisoft malware research team has discovered a new outbreak of the Personal Shield Pro adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.PersonalShieldPro.

Personal Shield Pro is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new file:

%AllUsersProfile%\Application Data\%random%.exe

Create new registry entry:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
(String) %random% = %AllUsersProfile%\Application Data\%random%.exe –run

Screenshots:

How to remove the infection of Personal Shield Pro (Adware.Win32.PersonalShieldPro)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Work Checker Adware Removal Instructions

emsi — Fri, 10 Jun 2011 19:53:05 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Work Checker adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsWorkChecker.

Windows Work Checker is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Work Checker (Adware.Win32.WindowsWorkChecker)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Monitoring Utility Adware Removal Instructions

emsi — Fri, 10 Jun 2011 19:52:20 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Monitoring Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsMonitoringUtility.

Windows Monitoring Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Monitoring Utility (Adware.Win32.WindowsMonitoringUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Examination Utility Adware Removal Instructions

emsi — Fri, 10 Jun 2011 19:51:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Examination Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsExaminationUtility.

Windows Examination Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Examination Utility (Adware.Win32.WindowsExaminationUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Troubles Killer Adware Removal Instructions

emsi — Fri, 10 Jun 2011 13:28:43 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Troubles Killer adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsTroublesKiller.

Windows Troubles Killer is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Troubles Killer (Adware.Win32.WindowsTroublesKiller)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Protection Alarm Adware Removal Instructions

emsi — Fri, 10 Jun 2011 13:19:59 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Protection Alarm adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsProtectionAlarm.

Windows Protection Alarm is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Protection Alarm (Adware.Win32.WindowsProtectionAlarm)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Rescue Center Adware Removal Instructions

emsi — Sat, 04 Jun 2011 04:50:39 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Rescue Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRescueCenter.

Windows Rescue Center is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Rescue Center (Adware.Win32.WindowsRescueCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Crashes Deliverer Adware Removal Instructions

emsi — Sat, 04 Jun 2011 04:42:57 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Crashes Deliverer adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsCrashesDeliverer.

Windows Crashes Deliverer is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Crashes Deliverer (Adware.Win32.WindowsSaviourFirewall)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Saviour Firewall Adware Removal Instructions

emsi — Sat, 04 Jun 2011 04:34:32 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Saviour Firewall adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSaviourFirewall.

Windows Saviour Firewall is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Saviour Firewall (Adware.Win32.WindowsSaviourFirewall)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Averting System Adware Removal Instructions

emsi — Sat, 04 Jun 2011 04:25:41 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Averting System adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAvertingSystem.

Windows Averting System is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Averting System (Adware.Win32.WindowsAvertingSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Accidents Prevention Adware Removal Instructions

emsi — Sat, 04 Jun 2011 04:14:13 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Troubles Solver adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAccidentsPrevention.

Windows Accidents Prevention is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Accidents Prevention (Adware.Win32.WindowsAccidentsPrevention)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Troubles Solver Adware Removal Instructions

emsi — Thu, 02 Jun 2011 11:08:01 +0000

Windows Troubles Solver is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Troubles Solver (Adware.Win32.WindowsTroublesSolver)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Anticrashes Utility Adware Removal Instructions

emsi — Thu, 02 Jun 2011 09:15:14 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Anticrashes Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsAnticrashesUtility.

Windows Anticrashes Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Anticrashes Utility (Adware.Win32.WindowsAnticrashesUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Risks Preventions Adware Removal Instructions

emsi — Sat, 28 May 2011 06:16:25 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Risks Preventions adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRisksPreventions.

Windows Risks Preventions is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Risks Preventions (Adware.Win32.WindowsRisksPreventions)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Custom Settings Adware Removal Instructions

emsi — Sat, 28 May 2011 06:09:15 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Custom Settings adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsCustomSettings.

Windows Custom Settings is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Custom Settings (Adware.Win32.WindowsCustomSettings)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Firewall Unit Adware Removal Instructions

emsi — Fri, 27 May 2011 14:39:06 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Firewall Unit adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsFirewallUnit.

Windows Firewall Unit is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Firewall Unit (Adware.Win32.WindowsFirewallUnit)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Safeguard Utility Adware Removal Instructions

emsi — Tue, 24 May 2011 09:35:33 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Safeguard Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSafeguardUtility.

Windows Safeguard Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Safeguard Utility (Adware.Win32.WindowsSafeguardUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Repairing System Adware Removal Instructions

emsi — Tue, 24 May 2011 08:06:21 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Repairing System adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRepairingSystem.

Windows Repairing System is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Repairing System (Adware.Win32.WindowsRepairingSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Precautions Center Adware Removal Instructions

emsi — Tue, 24 May 2011 07:50:12 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Precautions Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsPrecautionsCenter.

Windows Precautions Center is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Precautions Center (Adware.Win32.WindowsPrecautionsCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows System Tasks Adware Removal Instructions

emsi — Fri, 20 May 2011 07:22:30 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows System Tasks adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSystemTasks.

Windows System Tasks is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows System Tasks (Adware.Win32.WindowsSystemTasks)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Protection Servant Adware Removal Instructions

emsi — Fri, 20 May 2011 07:12:40 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Protection Servant adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsProtectionServant.

Windows Protection Servant is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Protection Servant (Adware.Win32.WindowsProtectionServant)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Activity Inspector Adware Removal Instructions

emsi — Thu, 19 May 2011 12:55:04 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Activity Inspector adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsActivityInspector.

Windows Activity Inspector is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Activity Inspector (Adware.Win32.WindowsActivityInspector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Win XP Recovery Adware Removal Instructions

emsi — Tue, 17 May 2011 12:38:49 +0000

The Emsisoft malware research team has discovered a new outbreak of the WinXPRecovery adware or also known as Windows XP Recovery. Emsisoft Anti-Malware detects this malware as Adware.Win32.WinXPRecovery.

Windows XP Recovery is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

%AllUsersProfile%\Application Data\~%random%
%AllUsersProfile%\Application Data\~%random%
%AllUsersProfile%\Application Data\%random%
%AllUsersProfile%\Application Data\%random%.exe
%UserProfile%\Desktop\Windows XP Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows XP Recovery\
%UserProfile%\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDesktop = 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

How to remove the infection of Windows XP Recovery (Adware.Win32.WinXPRecovery)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Tweaking Utility Adware Removal Instructions

emsi — Tue, 17 May 2011 12:16:22 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Tweaking Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsTweakingUtility.

Windows Tweaking Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Tweaking Utility (Adware.Win32.WindowsTweakingUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Inspection Utility Adware Removal Instructions

emsi — Thu, 12 May 2011 12:48:06 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Inspection Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsInspectionUtility.

Windows Inspection Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Inspection Utility (Adware.Win32.WindowsInspectionUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Supervision Center Adware Removal Instructions

emsi — Thu, 12 May 2011 12:00:06 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Supervision Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSupervisionCenter.

Windows Supervision Center is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Supervision Center (Adware.Win32.Windows Supervision Center)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Oversight Center Adware Removal Instructions

emsi — Tue, 10 May 2011 08:13:27 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Oversight Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOversightCenter.

Windows Oversight Center is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Oversight Center (Adware.Win32.WindowsOversightCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

FakeBitDef2011 Adware Removal Instructions

emsi — Wed, 04 May 2011 18:15:22 +0000

The Emsisoft malware research team has discovered a new outbreak of the Fake BitDefender 2011 or FakeBitDef2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.FakeBitDef2011.

FakeBitDef2011 is a rogue application. The maker of this rogue, gave it the same name as one of the security product. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%ProgramFiles%\BitDefender 2011\
%ProgramFiles%\BitDefender 2011\bitdefender.exe
%Windir%\system32\iesafemode.exe
%AllUsersProfile%\Start Menu\BitDefender 2011\
%AllUsersProfile%\Start Menu\BitDefender 2011\BitDefender 2011.lnk
%AllUsersProfile%\Start Menu\BitDefender 2011\Uninstall.lnk
%UserProfile%\Desktop\BitDefender 2011.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\
Debugger: “iesafemode.exe -sb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\
Debugger: “iesafemode.exe -sb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\
Debugger: “iesafemode.exe -sb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\
Debugger: “iesafemode.exe -sb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe\
Debugger: “iesafemode.exe -sb”
HKEY_CURRENT_USER\Software\EVA40A\
HKEY_CURRENT_USER\Software\Mon40A\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
BitDefender 2011: “%ProgramFiles%\BitDefender 2011\bitdefender.exe”

Screenshots:

How to remove the infection of FakeBitDef2011 (Adware.Win32.FakeBitDef2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirus Clean 2011 Adware Removal Instructions

emsi — Wed, 13 Apr 2011 16:01:02 +0000

The Emsisoft malware research team has discovered a new outbreak of the Antivirus Clean 2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntivirusClean2011.

Antivirus Clean 2011 is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%ProgramFiles%\Antivirus Clean 2011\
%ProgramFiles%\Antivirus Clean 2011\avservice.exe
%ProgramFiles%\Antivirus Clean 2011\avsetup.exe
%ProgramFiles%\Antivirus Clean 2011\avc2011.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
AntivirusClean = %ProgramFiles%\Antivirus Clean 2011\avc2011.exe
avservice = %ProgramFiles%\Antivirus Clean 2011\avservice.exe

Screenshots:

How to remove the infection of Antivirus Clean 2011 (Adware.Win32.AntivirusClean2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Restore Adware Removal Instructions

emsi — Fri, 08 Apr 2011 06:55:33 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRestore.

Windows Restore is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

%AllUsersProfile%\Application Data\%random%
%AllUsersProfile%\Application Data\%random%.exe
%AllUsersProfile%\Application Data\%random%.exe
%UserProfile%\Desktop\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\
%UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

How to remove the infection of Windows Restore (Adware.Win32.WindowsRestore)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Passport Utility Adware Removal Instructions

emsi — Tue, 05 Apr 2011 09:12:29 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Passport Utility adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsPassportUtility.

Windows Passport Utility is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Passport Utility (Adware.Win32.WindowsPassportUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Process Regulator Adware Removal Instructions

emsi — Tue, 05 Apr 2011 09:02:12 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Process Regulator adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsProcessRegulator.

Windows Process Regulator is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Process Regulator (Adware.Win32.WindowsProcessRegulator)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Repair Adware Removal Instructions

emsi — Tue, 05 Apr 2011 08:53:36 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Repair adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRepair.

Windows Repair is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

%AllUsersProfile%\Application Data\%random%
%AllUsersProfile%\Application Data\%random%.exe
%AllUsersProfile%\Application Data\%random%.exe
%UserProfile%\Desktop\Windows Repair.lnk
%UserProfile%\Start Menu\Programs\Windows Repair\
%UserProfile%\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
%UserProfile%\Start Menu\Programs\Windows Repair\Windows Repair.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

How to remove the infection of Windows Repair (Adware.Win32.WindowsRepair)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Recovery Adware Removal Instructions

emsi — Tue, 05 Apr 2011 08:04:41 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Recovery adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRecovery.

Windows Recovery is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

Create new files:

%AllUsersProfile%\Application Data\%random%
%AllUsersProfile%\Application Data\%random%.exe
%AllUsersProfile%\Application Data\%random%.exe
%AllUsersProfile%\Application Data\~%random%
%AllUsersProfile%\Application Data\~%random%r
%UserProfile%\Desktop\Windows Recovery.lnk
%UserProfile%\Local Settings\Temp\%random%.tmp
%UserProfile%\Local Settings\Temp\%random%.tmp
%UserProfile%\Start Menu\Programs\Windows Recovery\
%UserProfile%\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
EAGueaRwrDlOoPP: “%AllUsersProfile%\Application Data\EAGueaRwrDlOoPP.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

How to remove the infection of Windows Recovery (Adware.Win32.WindowsRecovery)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Simple Protector Adware Removal Instructions

emsi — Tue, 05 Apr 2011 05:47:37 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Simple Protector adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSimpleProtector.

Windows Simple Protector is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Simple Protector (Adware.Win32.WindowsSimpleProtector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Stability Center Adware Removal Instructions

emsi — Fri, 01 Apr 2011 10:03:50 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Stability Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsStabilityCenter.

Windows Stability Center is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Stability Center (Adware.Win32.WindowsStabilityCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Power Expansion Adware Removal Instructions

emsi — Fri, 01 Apr 2011 09:57:29 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Power Expansion adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsPowerExpansion.

Windows Power Expansion is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Power Expansion (Adware.Win32.WindowsPowerExpansion)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Expansion System Adware Removal Instructions

emsi — Fri, 01 Apr 2011 09:45:26 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Expansion System adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsExpansionSystem.

Windows Expansion System is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Expansion System (Adware.Win32.WindowsExpansionSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Background Protector Adware Removal Instructions

emsi — Fri, 25 Mar 2011 14:06:09 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Background Protector adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsBackgroundProtector.

Windows Background Protector is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Background Protector (Adware.Win32.WindowsBackgroundProtector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Lowlevel Solution Adware Removal Instructions

emsi — Fri, 25 Mar 2011 13:56:19 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Lowlevel Solution adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsLowlevelSolution.

Windows Lowlevel Solution is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Lowlevel Solution (Adware.Win32.WindowsLowlevelSolution)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Support System Adware Removal Instructions

emsi — Tue, 22 Mar 2011 07:36:23 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Support System adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsSupport System.

Windows Support System is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Support System (Adware.Win32.WindowsSupportSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Emergency System Adware Removal Instructions

emsi — Sat, 19 Mar 2011 09:51:37 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Emergency System adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsEmergencySystem.

Windows Emergency System is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Emergency System (Adware.Win32.WindowsEmergencySystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Threats Removing Adware Removal Instructions

emsi — Sat, 19 Mar 2011 09:44:42 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Threats Removing adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsThreatsRemoving.

Windows Threats Removing is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Threats Removing (Adware.Win32.WindowsThreatsRemoving)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Remedy Adware Removal Instructions

emsi — Wed, 16 Mar 2011 06:11:08 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Remedy adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRemedy.

Windows Remedy is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Another variants:

Create new file:

%UserProfile%\Application Data\Microsoft\%random%.exe

Create/modify registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
(String) Shell = %UserProfile%\Application Data\Microsoft\%random%.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\SystemRestore
(DWORD) DisableSR = 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
(DWORD) EnableLUA = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorAdmin = 0×00000000 (0)
(DWORD) ConsentPromptBehaviorUser = 0×00000000 (0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\afwserv.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastsvc.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avastui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe
(String) Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
(String) Debugger = svchost.exe

Screenshots:

How to remove the infection of Windows Remedy (Adware.Win32.WindowsRemedy)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Emsisoft New Malware Blog » Removal Help

Antivirus Smart Protection Rogue Removal Instructions

Related Posts:

Malware Protection Center Rogue Removal Instructions

Related Posts:

Smart Protection 2012 Rogue Removal Instructions

Related Posts:

Internet Security 2012 Rogue Removal Instructions

Related Posts:

Internet Security Guard Rogue Removal Instructions

Related Posts:

System Check Rogue Removal Instructions

Related Posts:

Super AV Rogue Removal Instructions

Related Posts:

Home Security Solutions Rogue Removal Instructions

Related Posts:

Security Monitor 2012 Rogue Removal Instructions

Related Posts:

XP Antivirus 2012 (MultiFakeAV) Rogue Removal Instructions

Related Posts:

Cloud AV 2012 Rogue Removal Instructions

Related Posts:

AV Protection 2011 Rogue Removal Instructions

Related Posts:

System Fix Rogue Removal Instructions

Related Posts:

AV Security 2012 Adware Removal Instructions

Related Posts:

Privacy Protection Adware Removal Instructions

Related Posts:

System Security 2011 Adware Removal Instructions

Related Posts:

AV Protection Online Adware Removal Instructions

Related Posts:

Cloud Protection Adware Removal Instructions

Related Posts:

Guard Online Adware Removal Instructions

Related Posts:

System Restore Adware Removal Instructions

Related Posts:

AV Guard Online Adware Removal Instructions

Related Posts:

Security Guard 2012 Adware Removal Instructions

Related Posts:

Security Sphere 2012 Removal Instructions

Related Posts:

Data Restore Adware Removal Instructions

Related Posts:

Total Protect Adware Removal Instructions

Related Posts:

Data Recovery Adware Removal Instructions

Related Posts:

OpenCloud Security Adware Removal Instructions

Related Posts:

System Recovery Adware Removal Instructions

Related Posts:

Master Utilities Adware Removal Instructions

Related Posts:

PC Repair Adware Removal Instructions

Related Posts:

OpenCloud Antivirus Adware Removal Instructions

Related Posts:

HDD Repair Adware Removal Instructions

Related Posts:

Home Safety Essentials Adware Removal Instructions

Related Posts:

System Repair Adware Removal Instructions

Related Posts:

Security Protection Adware Removal Instructions

Related Posts:

XP Home Security 2012 Adware Removal Instructions

Related Posts:

Wolfram Antivirus Adware Removal Instructions

Related Posts:

Zentom System Guard Adware Removal Instructions

Related Posts:

BlueFlare Antivirus Adware Removal Instructions

Related Posts:

Windows Armour Master Adware Removal Instructions