Emsisoft New Malware Blog

Antivir Solution Pro Adware Removal Instructions

emsi — Tue, 20 Jul 2010 08:25:25 +0000

The Emsisoft malware research team has discoverd a new outbreak of the Antivir Solution Pro adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntivirSolutionPro.

Antivir Solution Pro is a rogue security program, this is a new variant from AVSecuritySuite, Antivirus Suite, and Antivirus Soft. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new file:

%UserProfile%\Local Settings\Application Data\%random%\%random%.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\AVSolution
HKEY_LOCAL_MACHINE\software\AVSuitE
HKEY_CURRENT_USER\software\AVSolution
HKEY_CURRENT_USER\software\AVSuitE
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “%random%”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “%random%”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyServer = http=127.0.0.1:5643
ProxyOverride =
HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\PhishingFilter
EnabledV8 = 0×00000000 (0)
Enabled = 0×00000000 (0)

Screenshots:

How to remove the infection of Antivir Solution Pro (Adware.Win32.Antivir Solution Pro)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AntivirusGT Adware Removal Instructions

emsi — Wed, 07 Jul 2010 17:22:10 +0000

The Emsisoft malware research team has discoverd a new outbreak of the AntivirusGT adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntivirusGT.

AntivirusGT is a rogue security program clone of Antivirus7 or FakeAntivir, which is also a rogue application that has become widespread. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\AVGT\AntivirusGT.exe
%AllUsersProfile%\Start Menu\AVGT\AntivirusGT.lnk
%AllUsersProfile%\Start Menu\AVGT\Uninstall.lnk
%UserProfile%\Desktop\AntivirusGT.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\EVA50C
HKEY_CURRENT_USER\software\WinV2
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “AVGT”

Screenshots:

How to remove the infection of AntivirusGT (Adware.Win32.AntivirusGT)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Defense Center Adware Removal Instructions

emsi — Thu, 17 Jun 2010 21:04:48 +0000

The Emsisoft malware research team has discoverd a new outbreak of the Defense Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ProtectionCenter.

Defense Center is a rogue security program. This is a new variant from Protection Center, Data Protection, Digital Protection, Your Protection, User Protection, Dr. Guard , and PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This rogue also found bundled with TDSS rootkit.

Create new files:

%ProgramFiles%\Defense Center\virus.mp3
%ProgramFiles%\Defense Center\about.ico
%ProgramFiles%\Defense Center\activate.ico
%ProgramFiles%\Defense Center\buy.ico
%ProgramFiles%\Defense Center\def.db
%ProgramFiles%\Defense Center\defcnt.exe
%ProgramFiles%\Defense Center\defext.dll
%ProgramFiles%\Defense Center\defhook.dll
%ProgramFiles%\Defense Center\help.ico
%ProgramFiles%\Defense Center\scan.ico
%ProgramFiles%\Defense Center\settings.ico
%ProgramFiles%\Defense Center\splash.mp3
%ProgramFiles%\Defense Center\Uninstall.exe
%ProgramFiles%\Defense Center\update.ico
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Local Settings\Temp\def.dat
%UserProfile%\Local Settings\Temp\defr.dat
%UserProfile%\Local Settings\Temp\dhdhtrdhdrtr5y
%UserProfile%\Local Settings\Temp\3c08.tmp
%UserProfile%\Local Settings\Temp\4a8f.tmp
%UserProfile%\Local Settings\Temp\4otjesjty.mof
%UserProfile%\Local Settings\Temp\23cd.tmp
%UserProfile%\Local Settings\Temp\3764.tmp
%UserProfile%\Local Settings\Temp\b8bc.tmp
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Update.lnk
%UserProfile%\Start Menu\Programs\Defense Center\About.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk

Create new/modify registry entries:

HKEY_LOCAL_MACHINE\software\Classes\*\ShellEx\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
HKEY_LOCAL_MACHINE\software\Classes\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\software\Defense Center
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Defense Center”

Screenshots:

How to remove the infection of Defense Center (Adware.Win32.DefenseCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Security Suite Adware Removal Instructions

emsi — Fri, 11 Jun 2010 22:20:09 +0000

The Emsi Software malware research team has discoverd a new outbreak of the AV Security Suite adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVSecuritySuite.

AV Security Suite is a rogue security program, this is a new variant from Antivirus Suite, and Antivirus Soft. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new file:

%UserProfile%\Local Settings\Application Data\%random%\%random%.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\avsoft
HKEY_LOCAL_MACHINE\software\avsuite
HKEY_CURRENT_USER\software\avsoft
HKEY_CURRENT_USER\software\avsuite
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “%random%”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “%random%”

Screenshots:

How to remove the infection of AV Security Suite (Adware.Win32.AVSecuritySuite)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Protection Center Adware Removal Instructions

emsi — Wed, 09 Jun 2010 23:07:41 +0000

The Emsisoft malware research team has discoverd a new outbreak of the Protection Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ProtectionCenter.

Protection Center is a rogue security program. This is a new variant from Data Protection, Digital Protection, Your Protection, User Protection, Dr. Guard , and PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This rogue also found bundled with TDSS rootkit.

Create new files:

%ProgramFiles%\Protection Center\cntprot.exe
%ProgramFiles%\Protection Center\help.ico
%ProgramFiles%\Protection Center\scan.ico
%ProgramFiles%\Protection Center\settings.ico
%ProgramFiles%\Protection Center\splash.mp3
%ProgramFiles%\Protection Center\Uninstall.exe
%ProgramFiles%\Protection Center\update.ico
%ProgramFiles%\Protection Center\virus.mp3
%ProgramFiles%\Protection Center\about.ico
%ProgramFiles%\Protection Center\activate.ico
%ProgramFiles%\Protection Center\buy.ico
%ProgramFiles%\Protection Center\cnt.db
%ProgramFiles%\Protection Center\cntext.dll
%ProgramFiles%\Protection Center\cnthook.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection Center.lnk
%UserProfile%\Desktop\Protection Center.lnk
%UserProfile%\Desktop\Protection Center Support.lnk
%UserProfile%\Local Settings\Temp\4otjesjty.mof
%UserProfile%\Local Settings\Temp\451d.tmp
%UserProfile%\Local Settings\Temp\3722.tmp
%UserProfile%\Local Settings\Temp\7461.tmp
%UserProfile%\Local Settings\Temp\cnt.dat
%UserProfile%\Local Settings\Temp\cntr.dat
%UserProfile%\Local Settings\Temp\dhdhtrdhdrtr5y
%UserProfile%\Local Settings\Temp\2bf7.tmp
%UserProfile%\Local Settings\Temp\4f4e.tmp
%UserProfile%\Start Menu\Programs\Protection Center\Protection Center Support.lnk
%UserProfile%\Start Menu\Programs\Protection Center\Protection Center.lnk
%UserProfile%\Start Menu\Programs\Protection Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Protection Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Protection Center\Update.lnk
%UserProfile%\Start Menu\Programs\Protection Center\About.lnk
%UserProfile%\Start Menu\Programs\Protection Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Protection Center\Buy.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Protection Center
HKEY_LOCAL_MACHINE\software\Protection Center
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Protection Center”

Screenshots:

How to remove the infection of Protection Center (Adware.Win32.ProtectionCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SysAntivirus Adware Removal Instructions

emsi — Sun, 06 Jun 2010 17:29:43 +0000

The Emsisoft malware research team has discoverd a new outbreak of the SysAntivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SysAntivirus.

SysAntivirus is a rogue security program, this is a new variant of XJR Antivirus, AKM Antivirus 2010 Pro and RTS Antivirus 2010. The maker of this rogue give it name as Sysinternals Antivirus. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\wp3.dat
%ProgramFiles%\wp4.dat
%ProgramFiles%\wpp.exe
%ProgramFiles%\adc_w32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\nuar.old
%ProgramFiles%\skynet.dat
%ProgramFiles%\svchost.exe
%ProgramFiles%\Sysinternals Antivirus\Sysinternals Antivirus.exe
%UserProfile%\Desktop\Sysinternals Antivirus.lnk
%UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
C:\Sysinternals Antivirus\Sysinternals Antivirus.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\software\Sysinternals Antivirus
HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp
HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp\Registration
HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp\setdata
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus\Registration
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus\setdata

Screenshots:

How to remove the infection of SysAntivirus (Adware.Win32.SysAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Master AV Adware Removal Instructions

emsi — Thu, 03 Jun 2010 20:42:48 +0000

The Emsisoft malware research team has discovered a new outbreak of the Security Master AV adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SecurityMasterAV.

Security Master AV is a rogue security software that show false warning messages and show misleading scan results, this is another variant from My Security Engine, or CleanUP Antivirus. It will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

Create new files:

%AllUsersProfile%\Application Data\%random%\SMAV.ico
%AllUsersProfile%\Application Data\%random%\SM%random%.exe
%AllUsersProfile%\Application Data\SM%random%AV\SM%random%AV.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
%UserProfile%\Application Data\Security Master AV\cookies.sqlite
%UserProfile%\Desktop\Security Master AV.lnk
%UserProfile%\Recent\dudl.exe
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\fix.dll
%UserProfile%\Recent\hymt.exe
%UserProfile%\Recent\hymt.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\tempdoc.exe
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Start Menu\Security Master AV.lnk
%UserProfile%\Start Menu\Programs\Security Master AV.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Security Master AV”
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[1].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[2].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[3].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[4].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[5].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msfwsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OcHealthMon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WinSSUI.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe

Modify hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
173.236.107.243 www.google.com
173.236.107.243 google.com
173.236.107.243 google.com.au
173.236.107.243 www.google.com.au
173.236.107.243 google.be
173.236.107.243 www.google.be
173.236.107.243 google.com.br
173.236.107.243 www.google.com.br
173.236.107.243 google.ca
173.236.107.243 www.google.ca
173.236.107.243 google.ch
173.236.107.243 www.google.ch
173.236.107.243 google.de
173.236.107.243 www.google.de
173.236.107.243 google.dk
173.236.107.243 www.google.dk
173.236.107.243 google.fr
173.236.107.243 www.google.fr
173.236.107.243 google.ie
173.236.107.243 www.google.ie
173.236.107.243 google.it
173.236.107.243 www.google.it
173.236.107.243 google.co.jp
173.236.107.243 www.google.co.jp
173.236.107.243 google.nl
173.236.107.243 www.google.nl
173.236.107.243 google.no
173.236.107.243 www.google.no
173.236.107.243 google.co.nz
173.236.107.243 www.google.co.nz
173.236.107.243 google.pl
173.236.107.243 www.google.pl
173.236.107.243 google.se
173.236.107.243 www.google.se
173.236.107.243 google.co.uk
173.236.107.243 www.google.co.uk
173.236.107.243 google.co.za
173.236.107.243 www.google.co.za
173.236.107.243 www.google-analytics.com
173.236.107.243 www.bing.com
173.236.107.243 search.yahoo.com
173.236.107.243 www.search.yahoo.com
173.236.107.243 uk.search.yahoo.com
173.236.107.243 ca.search.yahoo.com
173.236.107.243 de.search.yahoo.com
173.236.107.243 fr.search.yahoo.com
173.236.107.243 au.search.yahoo.com

Screenshots:

How to remove the infection of Security Master AV (Adware.Win32.SecurityMasterAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Win Antispyware Center Adware Removal Instructions

emsi — Fri, 28 May 2010 06:07:59 +0000

The Emsisoft malware research team has discoverd a new outbreak of the Win Antispyware Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WinAntispywareCenter.

Win Antispyware Center is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\WinAntispywareCenter\av.exe
%UserProfile%\Local Settings\Temp\10.tmp

Create or modify registry entries:

HKEY_LOCAL_MACHINE\software\Classes\secfile
HKEY_LOCAL_MACHINE\software\Classes\secfile\DefaultIcon
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open\command
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\runas
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\runas\command
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\start
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\software\Win Antispyware Center
HKEY_LOCAL_MACHINE\software\Classes\.exe\shell\open\command
(Default) = “C:\Program Files\WinAntispywareCenter\av.exe” /START “%1″ %*
IsolatedCommand = “%1″ %*
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open\command
(Default) = “C:\Program Files\WinAntispywareCenter\av.exe” /START “%1″ %*
IsolatedCommand = “%1″ %*
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
Win Antispyware Center = C:\Program Files\WinAntispywareCenter\av.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
Win Antispyware Center = C:\Program Files\WinAntispywareCenter\av.exe

Screenshots:

How to remove the infection of Win Antispyware Center (Adware.Win32.WinAntispywareCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

XJR Antivirus Adware Removal Instructions

emsi — Wed, 26 May 2010 06:56:56 +0000

The Emsisoft malware research team has discoverd a new outbreak of the XJR Antivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.XJRAntivirus.

XJR Antivirus is a rogue security program, this is a new variant of AKM Antivirus 2010 Pro and RTS Antivirus 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\wp4.dat
%ProgramFiles%\adc_w32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\skynet.dat
%ProgramFiles%\svchost.exe
%ProgramFiles%\wp3.dat
%ProgramFiles%\XJR Antivirus\XJR Antivirus.exe
%UserProfile%\Desktop\XJR Antivirus.lnk
%UserProfile%\Start Menu\Programs\XJR Antivirus\XJR Antivirus.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\software\XJR Antivirus
HKEY_CURRENT_USER\software\XJR Antivirus\wpp
HKEY_CURRENT_USER\software\XJR Antivirus\wpp\Registration
HKEY_CURRENT_USER\software\XJR Antivirus\wpp\setdata
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\Registration
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\setdata

Modify registry entry:

HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command
Old: = “%1″ %*
New: = C:\Program Files\alggui.exe “%1″ %*

Screenshots:

How to remove the infection of XJR Antivirus (Adware.Win32.XJRAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

ByteDefender Adware Removal Instructions

emsi — Thu, 20 May 2010 16:29:23 +0000

The Emsisoft malware research team has discoverd a new outbreak of the ByteDefender adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ByteDefender.

ByteDefender is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of ByteDefender also made SystemIron, SecurePcAv, SafePcAv, GuardWWW, MyPcSecure, PcSecureNet, PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector,… etc. To further convince victim, SystemIron will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\ByteDefender Software\ByteDefender\ByteDefender.exe
%ProgramFiles%\ByteDefender Software\ByteDefender\Uninstall.exe
%ProgramFiles%\ByteDefender Software\ByteDefender\always_delete.xml
%ProgramFiles%\ByteDefender Software\ByteDefender\always_skip.xml
%ProgramFiles%\ByteDefender Software\ByteDefender\quarantine\quarantine.xml
%AllUsersProfile%\Start Menu\Programs\ByteDefender.lnk
%UserProfile%\Desktop\ByteDefender.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\ByteDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ByteDefender
HKEY_CURRENT_USER\software\ByteDefender
HKEY_CURRENT_USER\software\ByteDefender\agents
HKEY_CURRENT_USER\software\ByteDefender\general
HKEY_CURRENT_USER\software\ByteDefender\realtime
HKEY_CURRENT_USER\software\ByteDefender\scanner
HKEY_CURRENT_USER\software\ByteDefender\tasks
HKEY_CURRENT_USER\software\ByteDefender\tasks\0
HKEY_CURRENT_USER\software\ByteDefender\tasks\1
HKEY_CURRENT_USER\software\ByteDefender\updates
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ByteDefender”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ByteDefender”

Screenshots:

How to remove the infection of ByteDefender (Adware.Win32.ByteDefender)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

FakeCopyright Adware Removal Instructions

emsi — Wed, 19 May 2010 09:51:57 +0000

The Emsisoft malware research team has discoverd a new outbreak of the FakeCopyright adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.FakeCopyright.

FakeCopyright trying to force users to pay a fee for illegal or copyrighted material that installed on the user computer. Once installed, this program will run automatically when starting Windows and shows a window like this:

Create new files:

%UserProfile%\Application Data\APManager\wallpaper.jpg
%UserProfile%\Application Data\APManager\apmanager.exe
%UserProfile%\Application Data\APManager\files
%UserProfile%\Application Data\APManager\iplog
%UserProfile%\Application Data\APManager\ispinfo
%UserProfile%\Application Data\APManager\settings.ini
%UserProfile%\Application Data\APManager\uninstall.exe
%UserProfile%\Application Data\APManager\languages\French.lng
%UserProfile%\Application Data\APManager\languages\German.lng
%UserProfile%\Application Data\APManager\languages\Italian.lng
%UserProfile%\Application Data\APManager\languages\Portuguese.lng
%UserProfile%\Application Data\APManager\languages\Slovak.lng
%UserProfile%\Application Data\APManager\languages\Spanish.lng
%UserProfile%\Application Data\APManager\languages\template.lng
%UserProfile%\Application Data\APManager\languages\Czech.lng
%UserProfile%\Application Data\APManager\languages\Danish.lng
%UserProfile%\Application Data\APManager\languages\Dutch.lng
%UserProfile%\Application Data\APManager\languages\English.lng
%UserProfile%\Desktop\AP Manager.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\APManager
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “apmanager.exe”

How to remove the infection of FakeCopyright (Adware.Win32.FakeCopyright)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Data Protection Adware Removal Instructions

emsi — Sat, 15 May 2010 13:59:05 +0000

The Emsisoft malware research team has discoverd a new outbreak of the Data Protection adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DataProtection.

Data Protection is a rogue security program. This is a new variant from Digital Protection, Your Protection, User Protection, Dr. Guard , and PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Data Protection\virus.mp3
%ProgramFiles%\Data Protection\about.ico
%ProgramFiles%\Data Protection\activate.ico
%ProgramFiles%\Data Protection\buy.ico
%ProgramFiles%\Data Protection\dat.db
%ProgramFiles%\Data Protection\datext.dll
%ProgramFiles%\Data Protection\dathook.dll
%ProgramFiles%\Data Protection\datprot.exe
%ProgramFiles%\Data Protection\help.ico
%ProgramFiles%\Data Protection\scan.ico
%ProgramFiles%\Data Protection\settings.ico
%ProgramFiles%\Data Protection\splash.mp3
%ProgramFiles%\Data Protection\Uninstall.exe
%ProgramFiles%\Data Protection\update.ico
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Protection.lnk
%UserProfile%\Desktop\Data Protection.lnk
%UserProfile%\Desktop\Data Protection Support.lnk
%UserProfile%\Start Menu\Programs\Data Protection\Update.lnk
%UserProfile%\Start Menu\Programs\Data Protection\About.lnk
%UserProfile%\Start Menu\Programs\Data Protection\Activate.lnk
%UserProfile%\Start Menu\Programs\Data Protection\Buy.lnk
%UserProfile%\Start Menu\Programs\Data Protection\Data Protection Support.lnk
%UserProfile%\Start Menu\Programs\Data Protection\Data Protection.lnk
%UserProfile%\Start Menu\Programs\Data Protection\Scan.lnk
%UserProfile%\Start Menu\Programs\Data Protection\Settings.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\*\ShellEx\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
HKEY_LOCAL_MACHINE\software\Classes\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\software\Data Protection
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Data Protection
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Data Protection”

Screenshots:

How to remove the infection of Data Protection (Adware.Win32.DataProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

FakeSecurityEssentials Adware Removal Instructions

emsi — Fri, 14 May 2010 06:55:26 +0000

The Emsisoft malware research team has discoverd a new outbreak of the FakeSecurityEssentials adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.FakeSecurityEssentials.

FakeSecurityEssentials is a rogue security program, that try to deceives the user with a GUI similar to Microsoft Security Essentials. A rogue security program tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

How to remove the infection of FakeSecurityEssentials (Adware.Win32.FakeSecurityEssentials)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

RTS Antivirus 2010 Pro Adware Removal Instructions

emsi — Tue, 11 May 2010 11:15:10 +0000

The Emsisoft malware research team has discoverd a new outbreak of the RTS Antivirus 2010 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.RTSAntivirus2010.

RTS Antivirus 2010 is a rogue security program, come from hxxp://www.rtsantivirus2010. com. This is another variant from AKM Antivirus 2010 Pro. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\RST Antivirus 2010\WININET.dll
%ProgramFiles%\RST Antivirus 2010\comdlg32.dll
%ProgramFiles%\RST Antivirus 2010\dwmapi.dll
%ProgramFiles%\RST Antivirus 2010\libclamav.dll
%ProgramFiles%\RST Antivirus 2010\oledlg.dll
%ProgramFiles%\RST Antivirus 2010\pthreadVC2.dll
%ProgramFiles%\RST Antivirus 2010\RST Antivirus 2010.exe
%ProgramFiles%\RST Antivirus 2010\uninstall.bat
%UserProfile%\Application Data\RST Antivirus 2010\WinDefPro.dat
%UserProfile%\Application Data\RST Antivirus 2010\db\daily.cvd
%UserProfile%\Desktop\RST Antivirus 2010.lnk
%UserProfile%\Start Menu\Programs\RST Antivirus 2010\Uninstall RST Antivirus 2010.lnk
%UserProfile%\Start Menu\Programs\RST Antivirus 2010\RST Antivirus 2010.lnk

Screenshots:

How to remove the infection of RTS Antivirus 2010 (Adware.Win32.RTSAntivirus2010)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AKM Antivirus 2010 Pro Adware Removal Instructions

emsi — Fri, 07 May 2010 09:27:12 +0000

The Emsisoft malware research team has discoverd a new outbreak of the AKM Antivirus 2010 Pro adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AKMAntivirus2010Pro.

AKM Antivirus 2010 Pro is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\skynet.dat
%ProgramFiles%\svchost.exe
%ProgramFiles%\wp3.dat
%ProgramFiles%\wp4.dat
%ProgramFiles%\adc32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\nuar.old
%ProgramFiles%\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.exe
%UserProfile%\Desktop\AKM Antivirus 2010 Pro.lnk
%UserProfile%\Start Menu\Programs\AKM Antivirus 2010 Pro\AKM Antivirus 2010 Pro.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\software\AKM Antivirus 2010 Pro
HKEY_CURRENT_USER\software\AKM Antivirus 2010 Pro\PC_protect
HKEY_CURRENT_USER\software\AKM Antivirus 2010 Pro\PC_protect\Registration
HKEY_CURRENT_USER\software\AKM Antivirus 2010 Pro\PC_protect\setdata

Screenshots:

How to remove the infection of AKM Antivirus 2010 Pro (Adware.Win32.AKMAntivirus2010Pro)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PCommander Adware Removal Instructions

emsi — Fri, 07 May 2010 09:08:06 +0000

The Emsisoft malware research team has discoverd a new outbreak of the PCommander adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.PCommander.

PCommander is a rogue security program, this is a new variant from Control Components / Control Center. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%UserProfile%\Application Data\PCommander\settings.ini
%UserProfile%\Application Data\PCommander\uninstall.exe
%UserProfile%\Application Data\PCommander\ccagent.exe
%UserProfile%\Application Data\PCommander\ccmain.exe
%UserProfile%\Application Data\PCommander\faq\guide.html
%UserProfile%\Application Data\PCommander\faq\images\06.png
%UserProfile%\Application Data\PCommander\faq\images\07.png
%UserProfile%\Application Data\PCommander\faq\images\08.png
%UserProfile%\Application Data\PCommander\faq\images\09.png
%UserProfile%\Application Data\PCommander\faq\images\10.png
%UserProfile%\Application Data\PCommander\faq\images\05.png
%UserProfile%\Desktop\PCommander.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCommander
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ccagent.exe”

Screenshots:

How to remove the infection of PCommander (Adware.Win32.PCommander)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

A-fast Antivirus Adware Removal Instructions

emsi — Thu, 06 May 2010 05:23:32 +0000

The Emsisoft malware research team has discoverd a new outbreak of the A-fast Antivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AFastAntivirus.

A-fast Antivirus is a rogue security program come from hxxp://www.a-fast .com. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\A-fast\A-fast.exe
%UserProfile%\Desktop\A-fast Antivirus.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\A-fast
HKEY_CURRENT_USER\software\A-fast\Activation
HKEY_CURRENT_USER\software\A-fast\Security
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “fast”

Screenshots:

How to remove the infection of A-fast Antivirus (Adware.Win32.AFastAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

ACommander Adware Removal Instructions

emsi — Thu, 06 May 2010 04:44:33 +0000

The Emsisoft malware research team has discoverd a new outbreak of the ACommander adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ACommander.

ACommander is a rogue security program, this is a new variant from Control Components / Control Center. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%UserProfile%\Application Data\ACommander\settings.ini
%UserProfile%\Application Data\ACommander\uninstall.exe
%UserProfile%\Application Data\ACommander\ccagent.exe
%UserProfile%\Application Data\ACommander\ccmain.exe
%UserProfile%\Application Data\ACommander\faq\guide.html
%UserProfile%\Application Data\ACommander\faq\images\06.png
%UserProfile%\Application Data\ACommander\faq\images\07.png
%UserProfile%\Application Data\ACommander\faq\images\08.png
%UserProfile%\Application Data\ACommander\faq\images\09.png
%UserProfile%\Application Data\ACommander\faq\images\10.png
%UserProfile%\Application Data\ACommander\faq\images\05.png
%UserProfile%\Desktop\ACommander.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ACommander
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ccagent.exe”

Screenshots:

How to remove the infection of ACommander (Adware.Win32.ACommander)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

My Security Engine Adware Removal Instructions

emsi — Thu, 29 Apr 2010 09:14:51 +0000

The Emsisoft malware research team has discovered a new outbreak of the My Security Engine adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.MySecurityEngine.

My Security Engine is a rogue security software that show false warning messages and show misleading scan results, this is another variant from CleanUP Antivirus. It will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

Create new files:

%AllUsersProfile%\Application Data\%random%\MSE.ico
%AllUsersProfile%\Application Data\%random%\MSf4c.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk
%UserProfile%\Application Data\My Security Engine\cookies.sqlite
%UserProfile%\Application Data\My Security Engine\Instructions.ini
%UserProfile%\Desktop\My Security Engine.lnk
%UserProfile%\Recent\snl2w.dll
%UserProfile%\Recent\snl2w.drv
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\std.tmp
%UserProfile%\Recent\cid.tmp
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\exec.sys
%UserProfile%\Recent\fix.dll
%UserProfile%\Recent\fix.drv
%UserProfile%\Recent\FW.exe
%UserProfile%\Recent\pal.drv
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddlkey.sys
%UserProfile%\Start Menu\My Security Engine.lnk
%UserProfile%\Start Menu\Programs\My Security Engine.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[1].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[2].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[3].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[4].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[5].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msfwsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OcHealthMon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WinSSUI.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “My Security Engine”

Modify hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
209.212.147.138 www.google.com
209.212.147.138 google.com
209.212.147.138 google.com.au
209.212.147.138 www.google.com.au
209.212.147.138 google.be
209.212.147.138 www.google.be
209.212.147.138 google.com.br
209.212.147.138 www.google.com.br
209.212.147.138 google.ca
209.212.147.138 www.google.ca
209.212.147.138 google.ch
209.212.147.138 www.google.ch
209.212.147.138 google.de
209.212.147.138 www.google.de
209.212.147.138 google.dk
209.212.147.138 www.google.dk
209.212.147.138 google.fr
209.212.147.138 www.google.fr
209.212.147.138 google.ie
209.212.147.138 www.google.ie
209.212.147.138 google.it
209.212.147.138 www.google.it
209.212.147.138 google.co.jp
209.212.147.138 www.google.co.jp
209.212.147.138 google.nl
209.212.147.138 www.google.nl
209.212.147.138 google.no
209.212.147.138 www.google.no
209.212.147.138 google.co.nz
209.212.147.138 www.google.co.nz
209.212.147.138 google.pl
209.212.147.138 www.google.pl
209.212.147.138 google.se
209.212.147.138 www.google.se
209.212.147.138 google.co.uk
209.212.147.138 www.google.co.uk
209.212.147.138 google.co.za
209.212.147.138 www.google.co.za
209.212.147.138 www.google-analytics.com
209.212.147.138 www.bing.com
209.212.147.138 search.yahoo.com
209.212.147.138 www.search.yahoo.com
209.212.147.138 uk.search.yahoo.com
209.212.147.138 ca.search.yahoo.com
209.212.147.138 de.search.yahoo.com
209.212.147.138 fr.search.yahoo.com
209.212.147.138 au.search.yahoo.com

Screenshots:

How to remove the infection of My Security Engine (Adware.Win32.MySecurityEngine)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Digital Protection Adware Removal Instructions

emsi — Fri, 16 Apr 2010 15:09:32 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Digital Protection adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DigitalProtection.

Digital Protection is a rogue security program. This is a new variant from Your Protection, User Protection, Dr. Guard , PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Digital Protection\dighook.dll
%ProgramFiles%\Digital Protection\digprot.exe
%ProgramFiles%\Digital Protection\help.ico
%ProgramFiles%\Digital Protection\scan.ico
%ProgramFiles%\Digital Protection\settings.ico
%ProgramFiles%\Digital Protection\splash.mp3
%ProgramFiles%\Digital Protection\Uninstall.exe
%ProgramFiles%\Digital Protection\update.ico
%ProgramFiles%\Digital Protection\virus.mp3
%ProgramFiles%\Digital Protection\about.ico
%ProgramFiles%\Digital Protection\activate.ico
%ProgramFiles%\Digital Protection\buy.ico
%ProgramFiles%\Digital Protection\dig.db
%ProgramFiles%\Digital Protection\digext.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
%UserProfile%\Desktop\Digital Protection Support.lnk
%UserProfile%\Desktop\Digital Protection.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Digital Protection.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Scan.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Settings.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Update.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\About.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Activate.lnk
%UserProfile%\Start Menu\Programs\Digital Protection\Buy.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Digital Protection
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Digital Protection
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Digital Protection”

Screenshots:

How to remove the infection of Digital Protection (Adware.Win32.DigitalProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirus Suite Adware Removal Instructions

emsi — Thu, 15 Apr 2010 09:02:45 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Antivirus Suite adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AntivirusSoft.

Antivirus Suite is a rogue security program, this is a new variant from Antivirus Soft. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new file:

%UserProfile%\Local Settings\Application Data\%random%\%random%.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\avsoft
HKEY_LOCAL_MACHINE\software\avsuite
HKEY_CURRENT_USER\software\avsoft
HKEY_CURRENT_USER\software\avsuite
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “%random%”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “%random%”

Screenshots:

How to remove the infection of Antivirus Suite (Adware.Win32.AntivirusSuite)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Control Components Adware Removal Instructions

emsi — Wed, 14 Apr 2010 07:36:39 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Control Components adware. a-squared Anti-Malware detects this malware as Adware.Win32.ControlComponents.

Control Components is a rogue security program, this is a new variant from Control Center. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%UserProfile%\Application Data\Control Components\settings.ini
%UserProfile%\Application Data\Control Components\uninstall.exe
%UserProfile%\Application Data\Control Components\ccagent.exe
%UserProfile%\Application Data\Control Components\ccmain.exe
%UserProfile%\Application Data\Control Components\faq\guide.html
%UserProfile%\Application Data\Control Components\faq\images\06.png
%UserProfile%\Application Data\Control Components\faq\images\07.png
%UserProfile%\Application Data\Control Components\faq\images\08.png
%UserProfile%\Application Data\Control Components\faq\images\09.png
%UserProfile%\Application Data\Control Components\faq\images\10.png
%UserProfile%\Application Data\Control Components\faq\images\05.png
%UserProfile%\Desktop\Control Components.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Components
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ccagent.exe”

Screenshots:

How to remove the infection of Control Components (Adware.Win32.ControlComponents)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antimalware Doctor Adware Removal Instructions

emsi — Thu, 08 Apr 2010 19:21:55 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Antimalware Doctor adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntimalwareDoctor.

Antimalware Doctor is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Files:

%random%\enemies-names.txt
%random%\hookdll.dll
%random%\Antimalware Doctor.exe (or random)

Registry:

HKEY_CURRENT_USER\software\Antimalware Doctor Inc
HKEY_CURRENT_USER\software\Antimalware Doctor Inc\Antimalware Doctor
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Antimalware Doctor.exe” (or random)

Screenshots:

How to remove the infection of Antimalware Doctor (Adware.Win32.AntimalwareDoctor)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Your Protection Adware Removal Instructions

emsi — Tue, 06 Apr 2010 20:01:20 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Your Protection adware. a-squared Anti-Malware detects this malware as Adware.Win32.YourProtection.

Your Protection is a rogue security program. This is a new variant from User Protection / Dr. Guard /PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Your Protection\help.ico
%ProgramFiles%\Your Protection\scan.ico
%ProgramFiles%\Your Protection\settings.ico
%ProgramFiles%\Your Protection\splash.mp3
%ProgramFiles%\Your Protection\Uninstall.exe
%ProgramFiles%\Your Protection\update.ico
%ProgramFiles%\Your Protection\urp.db
%ProgramFiles%\Your Protection\urpext.dll
%ProgramFiles%\Your Protection\urphook.dll
%ProgramFiles%\Your Protection\urpprot.exe
%ProgramFiles%\Your Protection\virus.mp3
%ProgramFiles%\Your Protection\about.ico
%ProgramFiles%\Your Protection\activate.ico
%ProgramFiles%\Your Protection\buy.ico
%AllUsersProfile%\Desktop\nudetube.com.lnk
%AllUsersProfile%\Desktop\pornotube.com.lnk
%AllUsersProfile%\Desktop\youporn.com.lnk
%AllUsersProfile%\Favorites\_favdata.dat
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Your Protection.lnk
%UserProfile%\Desktop\Your Protection.lnk
%UserProfile%\Desktop\Your Protection Support.lnk
%UserProfile%\Local Settings\Temp\mplay32xe.exe
%UserProfile%\Start Menu\Programs\Your Protection\Scan.lnk
%UserProfile%\Start Menu\Programs\Your Protection\Settings.lnk
%UserProfile%\Start Menu\Programs\Your Protection\Update.lnk
%UserProfile%\Start Menu\Programs\Your Protection\Your Protection.lnk
%UserProfile%\Start Menu\Programs\Your Protection\Your Protection Support.lnk
%UserProfile%\Start Menu\Programs\Your Protection\About.lnk
%UserProfile%\Start Menu\Programs\Your Protection\Activate.lnk
%UserProfile%\Start Menu\Programs\Your Protection\Buy.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Your Protection
HKEY_LOCAL_MACHINE\software\Your Protection
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “mplay32xe.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Your Protection”

Screenshots:

How to remove the infection of Your Protection (Adware.Win32.YourProtection)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

User Antivirus 2010 Adware Removal Instructions

emsi — Tue, 06 Apr 2010 19:41:14 +0000

The Emsi Software malware research team has discoverd a new outbreak of the User Antivirus 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.UserAntivirus2010.

UserAntivirus2010 is a rogue security program, come from hxxp://userantivirus2010pro.yolasite. com. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Screenshots:

How to remove the infection of User Antivirus 2010 (Adware.Win32.UserAntivirus2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

User Protection Adware Removal Instructions

emsi — Mon, 22 Mar 2010 19:31:55 +0000

The Emsi Software malware research team has discoverd a new outbreak of the User Protection adware. a-squared Anti-Malware detects this malware as Adware.Win32.UserProtection.

User Protection is a rogue security program. This is a new variant from Dr. Guard/PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\User Protection\scan.ico
%ProgramFiles%\User Protection\settings.ico
%ProgramFiles%\User Protection\splash.mp3
%ProgramFiles%\User Protection\uninstall.exe
%ProgramFiles%\User Protection\update.ico
%ProgramFiles%\User Protection\usr.db
%ProgramFiles%\User Protection\usrext.dll
%ProgramFiles%\User Protection\usrhook.dll
%ProgramFiles%\User Protection\usrprot.exe
%ProgramFiles%\User Protection\virus.mp3
%ProgramFiles%\User Protection\about.ico
%ProgramFiles%\User Protection\activate.ico
%ProgramFiles%\User Protection\buy.ico
%ProgramFiles%\User Protection\help.ico
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\User Protection.lnk
%UserProfile%\Desktop\User Protection.lnk
%UserProfile%\Desktop\User Protection Support.lnk
%UserProfile%\Desktop\License.txt
%UserProfile%\Local Settings\Temp\4otjesjty.mof
%UserProfile%\Local Settings\Temp\usr.dat
%UserProfile%\Local Settings\Temp\usrr.dat
%UserProfile%\Start Menu\Programs\User Protection\Settings.lnk
%UserProfile%\Start Menu\Programs\User Protection\Update.lnk
%UserProfile%\Start Menu\Programs\User Protection\User Protection.lnk
%UserProfile%\Start Menu\Programs\User Protection\User Protection Support.lnk
%UserProfile%\Start Menu\Programs\User Protection\About.lnk
%UserProfile%\Start Menu\Programs\User Protection\Activate.lnk
%UserProfile%\Start Menu\Programs\User Protection\Buy.lnk
%UserProfile%\Start Menu\Programs\User Protection\Scan.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\User Protection
HKEY_LOCAL_MACHINE\software\User Protection
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “User Protection”

Screenshots:

How to remove the infection of User Protection (Adware.Win32.UserProtection)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

CleanUP Antivirus Adware Removal Instructions

emsi — Mon, 22 Mar 2010 18:58:35 +0000

The Emsi Software malware research team has discoverd a new outbreak of the CleanUP Antivirus adware. a-squared Anti-Malware detects this malware as Adware.Win32.CleanUPAntivirus.

CleanUP Antivirus is a rogue security software that show false warning messages and show misleading scan results. It will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

Create new files:

%AllUsersProfile%\Application Data\58969\CUf4c.exe
%AllUsersProfile%\Application Data\58969\CUA.ico
%AllUsersProfile%\Application Data\CUQKWA\CUZNJUENEA.cfg
%UserProfile%\Application Data\CleanUp Antivirus\Instructions.ini
%UserProfile%\Application Data\CleanUp Antivirus\cookies.sqlite
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\CleanUp Antivirus.lnk
%UserProfile%\Desktop\CleanUp Antivirus.lnk
%UserProfile%\Start Menu\CleanUp Antivirus.lnk
%UserProfile%\Start Menu\Programs\CleanUp Antivirus.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “CleanUp Antivirus

Modify hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com

Screenshots:

How to remove the infection of CleanUP Antivirus (Adware.Win32.CleanUPAntivirus)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SystemIron Adware Removal Instructions

emsi — Fri, 12 Mar 2010 23:35:28 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SystemIron adware. a-squared Anti-Malware detects this malware as Adware.Win32.SystemIron.

SystemIron is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of SystemIron also made SecurePcAv, SafePcAv, GuardWWW, MyPcSecure, PcSecureNet, PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector,… etc. To further convince victim, SystemIron will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\SystemIron Software\SystemIron\data.bin
%ProgramFiles%\SystemIron Software\SystemIron\license.txt
%ProgramFiles%\SystemIron Software\SystemIron\main_config.xml
%ProgramFiles%\SystemIron Software\SystemIron\SystemIron.exe
%ProgramFiles%\SystemIron Software\SystemIron\SystemIronSvc.exe
%ProgramFiles%\SystemIron Software\SystemIron\uninstall.exe
%ProgramFiles%\SystemIron Software\SystemIron\always_delete.xml
%ProgramFiles%\SystemIron Software\SystemIron\always_skip.xml
%ProgramFiles%\SystemIron Software\SystemIron\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\SystemIron.lnk
%AllUsersProfile%\Start Menu\Programs\SystemIron\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SystemIron\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\SystemIron\1 SystemIron.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SystemIron
HKEY_LOCAL_MACHINE\software\SystemIron
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntispySvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemIronSvc
HKEY_CURRENT_USER\software\SystemIron
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SystemIron”
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SystemIron”

Screenshots:

How to remove the infection of SystemIron (Adware.Win32.SystemIron)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirus7 Adware Removal Instructions

emsi — Fri, 12 Mar 2010 23:11:17 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Antivirus7 adware. a-squared Anti-Malware detects this malware as Adware.Win32.Antivirus7.

Antivirus7 is a rogue security program clone of FakeAntivir, which is also a rogue application that has become widespread. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\AV7\antivirus7.exe
%SystemRoot%\system32\UpdateExplorer.dll
%AllUsersProfile%\Start Menu\AV7\Antivirus7.lnk
%AllUsersProfile%\Start Menu\AV7\Uninstall.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\clsid\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
HKEY_LOCAL_MACHINE\software\Classes\clsid\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “AV7″

Screenshots:

How to remove the infection of Antivirus7 (Adware.Win32.Antivirus7)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Smart Security Adware Removal Instructions

emsi — Thu, 11 Mar 2010 20:16:36 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Smart Security adware. a-squared Anti-Malware detects this malware as Adware.Win32.SmartSecurity.

Smart Security is a rogue security program clone of SecurityTool, which is also a rogue application that has become widespread. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Smart Security\SmartSecurity.exe
%ProgramFiles%\Smart Security\unins000.dat
%ProgramFiles%\Smart Security\unins000.exe
%ProgramFiles%\Smart Security\SmartSecurity.cfg
%AllUsersProfile%\Desktop\Smart Security.lnk
%AllUsersProfile%\Start Menu\Programs\Smart Security\Удалить Smart Security.lnk
%AllUsersProfile%\Start Menu\Programs\Smart Security\Smart Security.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Smart Security_is1
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SmartSecurity”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SmartSecurity”

Screenshots:

How to remove the infection of Smart Security (Adware.Win32.SmartSecurity)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Virus Protector Adware Removal Instructions

emsi — Mon, 08 Mar 2010 21:15:54 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Virus Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.VirusProtector.

VirusProtector is a rogue security program. Virus Protector create numerous harmless files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%SystemRoot%\%random%.exe
%SystemRoot%\%random%.dll
%SystemRoot%\system32\%random%.exe
%SystemRoot%\system32\%random%.dll
%SystemRoot%\system32\drivers\%random%.exe
%SystemRoot%\system32\drivers\%random%.dll

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\LoadAppInit_DLLs, 0×00000001 (1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Windows\AppInit_DLLs, %random%.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Shell, %random%.exe

Screenshots:

How to remove the infection of Virus Protector (Adware.Win32.VirusProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dr. Guard Adware Removal Instructions

emsi — Wed, 03 Mar 2010 19:21:39 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Dr. Guard adware. a-squared Anti-Malware detects this malware as Adware.Win32.DrGuard.

Dr. Guard is a rogue security program. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Dr. Guard\activate.ico
%ProgramFiles%\Dr. Guard\buy.ico
%ProgramFiles%\Dr. Guard\drg.db
%ProgramFiles%\Dr. Guard\drgext.dll
%ProgramFiles%\Dr. Guard\drghook.dll
%ProgramFiles%\Dr. Guard\drguard.exe
%ProgramFiles%\Dr. Guard\help.ico
%ProgramFiles%\Dr. Guard\scan.ico
%ProgramFiles%\Dr. Guard\settings.ico
%ProgramFiles%\Dr. Guard\splash.mp3
%ProgramFiles%\Dr. Guard\uninstall.exe
%ProgramFiles%\Dr. Guard\update.ico
%ProgramFiles%\Dr. Guard\virus.mp3
%ProgramFiles%\Dr. Guard\about.ico
%AllUsersProfile%\Desktop\License.txt
%UserProfile%\Desktop\Dr. Guard.lnk
%UserProfile%\Desktop\Dr. Guard Support.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\Activate.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\Buy.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\Dr. Guard.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\Dr. Guard Support.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\Scan.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\Settings.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\Update.lnk
%UserProfile%\Start Menu\Programs\Dr. Guard\About.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
HKEY_LOCAL_MACHINE\software\Dr. Guard
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Dr. Guard
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Dr. Guard”

Screenshots:

How to remove the infection of Dr. Guard (Adware.Win32.DrGuard)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PC Defender Adware Removal Instructions

emsi — Wed, 24 Feb 2010 22:58:42 +0000

The Emsi Software malware research team has discoverd a new outbreak of the PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.PCDefender.

PC Defender is a rogue security program. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

This program has a funny thing. It will displays fake blue screen on the victim machine. The blue screen will look like this:

Create new files:

%ProgramFiles%\Def Group\PC Defender\Antispyware.exe
%ProgramFiles%\Def Group\PC Defender\hook.dll
%ProgramFiles%\Def Group\PC Defender\proccheck.exe
%AllUsersProfile%\Desktop\PC Defender.lnk
%AllUsersProfile%\Start Menu\Programs\PC Defender\PC Defender.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Def Group
HKEY_CURRENT_USER\software\Def Group\Antispyware
HKEY_CURRENT_USER\software\Def Group\Antispyware\Found

Modify registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
Old: Userinit = C:\WINDOWS\system32\userinit.exe,
New: Userinit = C:\WINDOWS\system32\userinit.exe,”C:\Program Files\Def Group\PC Defender\Antispyware.exe”

Screenshots:

How to remove the infection of PC Defender (Adware.Win32.PCDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Your PC Protector Adware Removal Instructions

emsi — Tue, 23 Feb 2010 21:04:01 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Your PC Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.YourPCProtector.

Your PC Protector is a rogue security program. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\nuar.old
%ProgramFiles%\skynet.dat
%ProgramFiles%\svchost.exe
%ProgramFiles%\wp3.dat
%ProgramFiles%\wp4.dat
%ProgramFiles%\adc32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\Your PC Protector\Your PC Protector.exe
%UserProfile%\Desktop\Your PC Protector.lnk
%UserProfile%\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\software\Your PC Protector
HKEY_CURRENT_USER\software\Your PC Protector\PC_protect
HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\Registration
HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\setdata

Modify registry entry:

HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command\, “C:\Program Files\alggui.exe “%1″ %*”

Screenshots:

How to remove the infection of Your PC Protector (Adware.Win32.YourPCProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Desktop Security 2010 Adware Removal Instructions

emsi — Mon, 22 Feb 2010 20:10:49 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Desktop Security 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.DesktopSecurity2010.

Desktop Security 2010 is a rogue security program. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files (some files and registry name are random):

%ProgramFiles%\Desktop Security 2010\
%ProgramFiles%\Desktop Security 2010\MFC71ENU.DLL
%ProgramFiles%\Desktop Security 2010\msvcp71.dll
%ProgramFiles%\Desktop Security 2010\msvcr71.dll
%ProgramFiles%\Desktop Security 2010\pthreadVC2.dll
%ProgramFiles%\Desktop Security 2010\securitycenter.exe
%ProgramFiles%\Desktop Security 2010\taskmgr.dll
%ProgramFiles%\Desktop Security 2010\uninstall.exe
%ProgramFiles%\Desktop Security 2010\daily.cvd
%ProgramFiles%\Desktop Security 2010\Desktop Security 2010.exe
%ProgramFiles%\Desktop Security 2010\guide.chm
%ProgramFiles%\Desktop Security 2010\hjengine.dll
%ProgramFiles%\Desktop Security 2010\mfc71.dll
%SystemRoot%\system32\cbrdwlvrumw6.exe
%UserProfile%\Local Settings\Temp\kilslmd.exex
%UserProfile%\Local Settings\Temp\kn.a.exe
%UserProfile%\Local Settings\Temp\gedx_ae09.exe
%UserProfile%\Local Settings\Temp\kgn.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Desktop Security 2010
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Desktop Security 2010″
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SecurityCenter”
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “cbrdwlvrumw6″

Screenshots:

How to remove the infection of Desktop Security 2010 (Adware.Win32.DesktopSecurity2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

XP Micro Antivirus Adware Removal Instructions

emsi — Wed, 17 Feb 2010 20:02:08 +0000

The Emsi Software malware research team has discoverd a new outbreak of the XP Micro Antivirus adware. a-squared Anti-Malware detects this malware as Adware.Win32.XPMicroAntivirus.

XP Micro Antivirus is a rogue application. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

We’ve found something interesting with this rogue. When we opened it using Hex Editor, we’ve found this string:

Congratulations, now you see this is just a ****ing rogue antivirus! Have a nice day!

As you can see on this picture:

If you want to see this message directly from the program, type “nocall122″ as a Registration Email and Registration Key on the registration form :)

Another screenshots:

How to remove the infection of XP Micro Antivirus (Adware.Win32.XPMicroAntivirus)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Essentials 2010 Adware Removal Instructions

emsi — Mon, 15 Feb 2010 16:29:26 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Security Essentials 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.SecurityEssentials2010.

Security Essentials 2010 is a rogue scanner program. This is a new variant from Internet Security 2010 family. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files:

%ProgramFiles%\Securityessentials2010\SE2010.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
%UserProfile%\Desktop\Security essentials 2010.lnk
%UserProfile%\Start Menu\Security essentials 2010.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\SE2010
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Security essentials 2010″

Screenshots:

How to remove the infection of Security Essentials 2010 (Adware.Win32.SecurityEssentials2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Antivirus Adware Removal Instructions

emsi — Wed, 10 Feb 2010 15:25:29 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Security Antivirus adware. a-squared Anti-Malware detects this malware as Adware.Win32.SecurityAntivirus.

Security Antivirus is a rogue security software that show false warning messages and show misleading scan results. It will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

Create new files (some file/directory are random):

%AllUsersProfile%\Application Data\58969\SAf4c.exe
%AllUsersProfile%\Application Data\58969\SAV.ico
%AllUsersProfile%\Application Data\SAPZUTPQV\SAJPV.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
%UserProfile%\Application Data\Security Antivirus\cookies.sqlite
%UserProfile%\Application Data\Security Antivirus\Instructions.ini
%UserProfile%\Desktop\Security Antivirus.lnk
%UserProfile%\Recent\DBOLE.drv
%UserProfile%\Recent\delfile.tmp
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\FW.tmp
%UserProfile%\Recent\pal.tmp
%UserProfile%\Recent\ppal.drv
%UserProfile%\Recent\runddl.exe
%UserProfile%\Recent\SM.sys
%UserProfile%\Recent\snl2w.exe
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tjd.dll
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Start Menu\Security Antivirus.lnk
%UserProfile%\Start Menu\Programs\Security Antivirus.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\Classes\xp_67cbf[1].DocHostUIHandler
HKEY_LOCAL_MACHINE\software\Classes\xp_67cbf[1].DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\software\microsoft\Tracing\FWCFG
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[1].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[2].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[3].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[4].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[5].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msfwsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OcHealthMon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WinSSUI.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Security Antivirus”

Modify hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
94.228.209.235 www.google.com
94.228.209.235 google.com
94.228.209.235 google.com.au
94.228.209.235 www.google.com.au
94.228.209.235 google.be
94.228.209.235 www.google.be
94.228.209.235 google.com.br
94.228.209.235 www.google.com.br
94.228.209.235 google.ca
94.228.209.235 www.google.ca
94.228.209.235 google.ch
94.228.209.235 www.google.ch
94.228.209.235 google.de
94.228.209.235 www.google.de
94.228.209.235 google.dk
94.228.209.235 www.google.dk
94.228.209.235 google.fr
94.228.209.235 www.google.fr
94.228.209.235 google.ie
94.228.209.235 www.google.ie
94.228.209.235 google.it
94.228.209.235 www.google.it
94.228.209.235 google.co.jp
94.228.209.235 www.google.co.jp
94.228.209.235 google.nl
94.228.209.235 www.google.nl
94.228.209.235 google.no
94.228.209.235 www.google.no
94.228.209.235 google.co.nz
94.228.209.235 www.google.co.nz
94.228.209.235 google.pl
94.228.209.235 www.google.pl
94.228.209.235 google.se
94.228.209.235 www.google.se
94.228.209.235 google.co.uk
94.228.209.235 www.google.co.uk
94.228.209.235 google.co.za
94.228.209.235 www.google.co.za
94.228.209.235 www.google-analytics.com
94.228.209.235 www.bing.com
94.228.209.235 search.yahoo.com
94.228.209.235 www.search.yahoo.com
94.228.209.235 uk.search.yahoo.com
94.228.209.235 ca.search.yahoo.com
94.228.209.235 de.search.yahoo.com
94.228.209.235 fr.search.yahoo.com
94.228.209.235 au.search.yahoo.com

Screenshots:

How to remove the infection of Security Antivirus (Adware.Win32.SecurityAntivirus)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

XP Antivirus Pro 2010 Adware Removal Instructions

emsi — Tue, 09 Feb 2010 16:58:39 +0000

The Emsi Software malware research team has discoverd a new outbreak of the XP Antivirus Pro 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.XPAntivirusPro2010.

XP Antivirus Pro 2010 is a rogue application. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This rogue will active every time user access a browser like Internet Explorer or Mozilla Firefox and will show you fake alert message.

Create new file:

%UserProfile%\Local Settings\Application Data\av.exe

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\, “%UserProfile%\Local Settings\Application Data\av.exe” /START “%ProgramFiles%\Mozilla Firefox\firefox.exe”
HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\, “%UserProfile%\Local Settings\Application Data\av.exe” /START “%ProgramFiles%\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\, “%UserProfile%\Local Settings\Application Data\av.exe” /START “%ProgramFiles%\Internet Explorer\iexplore.exe”

Screenshots:

How to remove the infection of XP Antivirus Pro 2010 (Adware.Win32.XPAntivirusPro2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SecurePcAv Adware Removal Instructions

emsi — Tue, 09 Feb 2010 16:27:35 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SecurePcAv adware. a-squared Anti-Malware detects this malware as Adware.Win32.SecurePcAv.

SecurePcAv, come from hxxp://www.securepcav.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of SecurePcAv also made SafePcAv, GuardWWW, MyPcSecure, PcSecureNet, PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector,… etc. To further convince victims SecurePcAv, will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\SecurePcAv Software\SecurePcAv\always_skip.xml
%ProgramFiles%\SecurePcAv Software\SecurePcAv\main_config.xml
%ProgramFiles%\SecurePcAv Software\SecurePcAv\SecurePcAv.exe
%ProgramFiles%\SecurePcAv Software\SecurePcAv\uninstall.exe
%ProgramFiles%\SecurePcAv Software\SecurePcAv\always_delete.xml
%ProgramFiles%\SecurePcAv Software\SecurePcAv\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\SecurePcAv.lnk
%AllUsersProfile%\Start Menu\Programs\SecurePcAv\1 SecurePcAv.lnk
%AllUsersProfile%\Start Menu\Programs\SecurePcAv\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SecurePcAv\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@securepcav[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SecurePcAv
HKEY_LOCAL_MACHINE\software\SecurePcAv
HKEY_CURRENT_USER\software\SecurePcAv
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SecurePcAv”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SecurePcAv”

Screenshots:

How to remove the infection of SecurePcAv (Adware.Win32.SecurePcAv)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Paladin Antivirus Adware Removal Instructions

emsi — Tue, 09 Feb 2010 16:14:12 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Paladin Antivirus adware. a-squared Anti-Malware detects this malware as Adware.Win32.PaladinAntivirus.

Paladin Antivirus is a rogue application. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Paladin Antivirus\phook.dll
%ProgramFiles%\Paladin Antivirus\uninstall.exe
%ProgramFiles%\Paladin Antivirus\help.ico
%ProgramFiles%\Paladin Antivirus\pav.db
%ProgramFiles%\Paladin Antivirus\pav.exe
%ProgramFiles%\Paladin Antivirus\pavext.dll
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Paladin Antivirus.lnk
%UserProfile%\Desktop\Paladin Antivirus.lnk
%UserProfile%\Desktop\Paladin Antivirus Support.lnk
%UserProfile%\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus.lnk
%UserProfile%\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus Support.lnk
%UserProfile%\Start Menu\Programs\Paladin Antivirus\Uninstall Paladin Antivirus.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Paladin Antivirus
HKEY_LOCAL_MACHINE\software\Paladin Antivirus
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Paladin Antivirus”

Screenshots:

How to remove the infection of Paladin Antivirus (Adware.Win32.PaladinAntivirus)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Advanced Defender Adware Removal Instructions

emsi — Tue, 09 Feb 2010 15:58:18 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Advanced Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.AdvancedDefender.

Advanced Defender is a rogue application. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Advanced Defender\baseadd.wdb
%ProgramFiles%\Advanced Defender\conf.wcf
%ProgramFiles%\Advanced Defender\quarant.wdb
%ProgramFiles%\Advanced Defender\queue.wdb
%ProgramFiles%\Advanced Defender\advanceddefender.exe
%ProgramFiles%\Advanced Defender\base.wdb
%AllUsersProfile%\Microsoft PData\track.wid
%UserProfile%\Desktop\Advanced Defender.lnk
%UserProfile%\Start Menu\Programs\Advanced Defender\Advanced Defender.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Advanced Defender
HKEY_LOCAL_MACHINE\software\Advanced Defender\Soft
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Advanced Defender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “advanceddefender”

Screenshots:

How to remove the infection of Advanced Defender (Adware.Win32.AdvancedDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Fake Antivirus Adware Removal Instructions

emsi — Mon, 08 Feb 2010 18:04:51 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Fake Antivirus adware. a-squared Anti-Malware detects this malware as Adware.Win32.FakeAntivirus.

“Antivirus”, is name of this rogue application, it come from hxxp://just-protect-pc.info. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Antivirus\AvBho.dll
%ProgramFiles%\Antivirus\Uninstall.exe
%ProgramFiles%\Antivirus\wscsvc32.exe
%ProgramFiles%\Antivirus\Antivirus.exe
%AllUsersProfile%\Desktop\Antivirus.lnk
%AllUsersProfile%\Start Menu\Programs\Antivirus\Antivirus.lnk
%AllUsersProfile%\Start Menu\Programs\Antivirus\Uninstall.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
%UserProfile%\Local Settings\Temp\winupd64x.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Antivirus
HKEY_LOCAL_MACHINE\software\Classes\AvBho.AvBhoApp
HKEY_LOCAL_MACHINE\software\Classes\AvBho.AvBhoApp\CLSID
HKEY_LOCAL_MACHINE\software\Classes\AvBho.AvBhoApp\CurVer
HKEY_LOCAL_MACHINE\software\Classes\AvBho.AvBhoApp.1
HKEY_LOCAL_MACHINE\software\Classes\AvBho.AvBhoApp.1\CLSID
HKEY_LOCAL_MACHINE\software\Classes\clsid\{9d541c6a-573b-4888-b35e-6816e68c3620}
HKEY_LOCAL_MACHINE\software\Classes\clsid\{9d541c6a-573b-4888-b35e-6816e68c3620}\InprocServer32
HKEY_LOCAL_MACHINE\software\Classes\clsid\{9d541c6a-573b-4888-b35e-6816e68c3620}\ProgID
HKEY_LOCAL_MACHINE\software\Classes\clsid\{9d541c6a-573b-4888-b35e-6816e68c3620}\Programmable
HKEY_LOCAL_MACHINE\software\Classes\clsid\{9d541c6a-573b-4888-b35e-6816e68c3620}\TypeLib
HKEY_LOCAL_MACHINE\software\Classes\clsid\{9d541c6a-573b-4888-b35e-6816e68c3620}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\software\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_LOCAL_MACHINE\software\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKEY_LOCAL_MACHINE\software\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\software\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKEY_LOCAL_MACHINE\software\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_LOCAL_MACHINE\software\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKEY_LOCAL_MACHINE\software\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\software\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKEY_LOCAL_MACHINE\software\Classes\Typelib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}
HKEY_LOCAL_MACHINE\software\Classes\Typelib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}\1.0
HKEY_LOCAL_MACHINE\software\Classes\Typelib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}\1.0\0
HKEY_LOCAL_MACHINE\software\Classes\Typelib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}\1.0\0\win32
HKEY_LOCAL_MACHINE\software\Classes\Typelib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}\1.0\FLAGS
HKEY_LOCAL_MACHINE\software\Classes\Typelib\{65DA0CE6-30D1-4144-A0B6-59BD01372E26}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Antivirus
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Antivirus.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “wscsvc32.exe”

Modify hosts file:

174.142.113.204 just-protect-pc.info
70.38.11.165 review.2009softwarereviews.com
70.38.11.165 a1.review.zdnet.com
70.38.11.165 d1.reviews.cnet.com
70.38.11.165 reviews.toptenreviews.com
70.38.11.165 reviews.download.com
70.38.11.165 reviews.pcadvisor.co.uk
70.38.11.165 reviews.pcmag.com
70.38.11.165 reviews.pcpro.co.uk
70.38.11.165 reviews.reevoo.com
70.38.11.165 reviews.riverstreams.co.uk
70.38.11.165 reviews.techradar.com
70.38.11.165 av2010pro.com
70.38.11.165 review.deutsch.eazel.com
70.38.11.165 reviews.download.softwareload.de
70.38.11.165 r1.downloads.phpnuke.org
70.38.11.165 www.anti.actebis.com
70.38.11.165 www.antivirus-review.channelpartner.de
70.38.11.165 www.reviews.chip.de
70.38.11.165 www.dah5.ppks.net
70.38.11.165 www.test-reviews.softguide.de
70.38.11.165 www.review.virenschutz.ch
70.38.11.165 www.reviews.wave-computer.de
70.38.11.165 www.about.zdnet.de
70.38.11.165 www.soft-review.zdnet1.de
70.38.11.165 reviews.livix.blogspot.com
70.38.11.165 www.review-antivirus.alegsa.com.ar
70.38.11.165 www.ra1.analisis-antivirus.com
70.38.11.165 www.review.antivirusgratis.com.ar
70.38.11.165 www.soft-review.directoriowarez.com
70.38.11.165 www.arbest.grupogeek.com
70.38.11.165 www.best-reviews.pcasalvo.com
70.38.11.165 www.testing-av.pcdecasa.net
70.38.11.165 www.rz-x.wei.cl
70.38.11.165 www.review.yoreparo.com
70.38.11.165 reviews.coprocessing.be
70.38.11.165 lab.descary.com
70.38.11.165 review.fr.brothersoft.com
70.38.11.165 www.antilab-review.01net.com
70.38.11.165 www.review-lab.blogeek.ch
70.38.11.165 www.gr1.clubic.com
70.38.11.165 www.laboratory.commentcamarche.net
70.38.11.165 www.review.generation-nt.com
70.38.11.165 www.top-rev.host.fr
70.38.11.165 www.expert.infos-du-net.com
70.38.11.165 www.review.numerama.com
70.38.11.165 www.lab1-r.starzik.com
70.38.11.165 review-tests.italian.ircfast.com
70.38.11.165 www.labs.b2b24.ilsole24ore.com
70.38.11.165 www.ref1.blogslab.net
70.38.11.165 www.review.dvdprice.it
70.38.11.165 www.reviews.ebizitalia.it
70.38.11.165 www.review-software.hwgadget.com
70.38.11.165 www.exp-test.hwupgrade.it
70.38.11.165 www.full-reiew.lolasoft.it
70.38.11.165 www.dkl23.mondotechblog.com
70.38.11.165 www.antiviruses.sicurezzainrete.com
70.38.11.165 www.top.tomshw.it
70.38.11.165 avangate.com
70.38.11.165 regnow.com
70.38.11.165 shareit.com
70.38.11.165 eSellerate.net

Screenshots:

How to remove the infection of Fake Antivirus (Adware.Win32.FakeAntivirus)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirus Soft Adware Removal Instructions

emsi — Fri, 05 Feb 2010 17:14:44 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Antivirus Soft adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntivirusSoft.

Antivirus Soft is a rogue security program, come from hxxp:// newsoftspot.com. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new file:

%UserProfile%\Local Settings\Application Data\%random%\%random%sftav.exe

Create new registry entries:

HKEY_CURRENT_USER\software\avsoft
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, %random%
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, %random%

Screenshots:

How to remove the infection of Antivirus Soft (Adware.Win32.AntivirusSoft)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SafePcAv Adware Removal Instructions

emsi — Fri, 05 Feb 2010 16:56:53 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SafePcAv adware. a-squared Anti-Malware detects this malware as Adware.Win32.SafePcAv.

SafePcAv, come from hxxp://www.safepcav.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of GuardWWW also made GuardWWW, MyPcSecure, PcSecureNet, PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector,… etc. To further convince victims SafePcAv, will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\SafePcAv Software\SafePcAv\always_delete.xml
%ProgramFiles%\SafePcAv Software\SafePcAv\always_skip.xml
%ProgramFiles%\SafePcAv Software\SafePcAv\main_config.xml
%ProgramFiles%\SafePcAv Software\SafePcAv\SafePcAv.exe
%ProgramFiles%\SafePcAv Software\SafePcAv\uninstall.exe
%ProgramFiles%\SafePcAv Software\SafePcAv\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\SafePcAv.lnk
%AllUsersProfile%\Start Menu\Programs\SafePcAv\1 SafePcAv.lnk
%AllUsersProfile%\Start Menu\Programs\SafePcAv\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SafePcAv\3 Uninstall.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SafePcAv
HKEY_LOCAL_MACHINE\software\SafePcAv
HKEY_CURRENT_USER\software\SafePcAv
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SafePcAv”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SafePcAv”

Screenshots:

How to remove the infection of SafePcAv (Adware.Win32.SafePcAv)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

GuardWWW Adware Removal Instructions

emsi — Wed, 03 Feb 2010 17:05:38 +0000

The Emsi Software malware research team has discoverd a new outbreak of the GuardWWW adware. a-squared Anti-Malware detects this malware as Adware.Win32.GuardWWW.

GuardWWW, come from hxxp://www.guardwww.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of GuardWWW also made MyPcSecure, PcSecureNet, PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, etc. To further convince victims GuardWWW, will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\GuardWWW Software\GuardWWW\always_delete.xml
%ProgramFiles%\GuardWWW Software\GuardWWW\always_skip.xml
%ProgramFiles%\GuardWWW Software\GuardWWW\GuardWWW.exe
%ProgramFiles%\GuardWWW Software\GuardWWW\main_config.xml
%ProgramFiles%\GuardWWW Software\GuardWWW\uninstall.exe
%ProgramFiles%\GuardWWW Software\GuardWWW\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\GuardWWW.lnk
%AllUsersProfile%\Start Menu\Programs\GuardWWW\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\GuardWWW\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\GuardWWW\1 GuardWWW.lnk
%UserProfile%\Cookies\userdemo@guardwww[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\GuardWWW
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\GuardWWW
HKEY_CURRENT_USER\software\GuardWWW
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “GuardWWW”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “GuardWWW”

Screenshots:

How to remove the infection of GuardWWW (Adware.Win32.GuardWWW)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

MyPcSecure Adware Removal Instructions

emsi — Mon, 01 Feb 2010 18:26:34 +0000

The Emsi Software malware research team has discoverd a new outbreak of the MyPcSecure adware. a-squared Anti-Malware detects this malware as Adware.Win32.MyPcSecure.

MyPcSecure, come from hxxp://www.mypcsecure.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of MyPcSecure also made PcSecureNet, PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, etc. To further convince victims MyPcSecure, will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\MyPcSecure Software\MyPcSecure\always_delete.xml
%ProgramFiles%\MyPcSecure Software\MyPcSecure\always_skip.xml
%ProgramFiles%\MyPcSecure Software\MyPcSecure\main_config.xml
%ProgramFiles%\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
%ProgramFiles%\MyPcSecure Software\MyPcSecure\uninstall.exe
%ProgramFiles%\MyPcSecure Software\MyPcSecure\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\MyPcSecure.lnk
%AllUsersProfile%\Start Menu\Programs\MyPcSecure\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\MyPcSecure\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\MyPcSecure\1 MyPcSecure.lnk
%UserProfile%\Cookies\userdemo@mypcsecure[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\MyPcSecure
HKEY_LOCAL_MACHINE\software\MyPcSecure
HKEY_CURRENT_USER\software\MyPcSecure
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “MyPcSecure”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “MyPcSecure”

Screenshots:

How to remove the infection of MyPcSecure (Adware.Win32.MyPcSecure)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Total PC Defender 2010 Adware Removal Instructions

emsi — Mon, 01 Feb 2010 18:07:51 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Total PC Defender 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.TotalPCDefender2010.

Total PC Defender 2010 is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\Total PC Defender\Total PC Defender.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Total PC Defender.lnk
%UserProfile%\Desktop\Total PC Defender.lnk
%UserProfile%\Start Menu\Total PC Defender\Total PC Defender.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Total PC Defender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Total PC Defender”

Screenshots:

How to remove the infection of Total PC Defender 2010 (Adware.Win32.TotalPCDefender2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PcSecureNet Adware Removal Instructions

emsi — Thu, 28 Jan 2010 14:06:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the PcSecureNet adware. a-squared Anti-Malware detects this malware as Adware.Win32.PcSecureNet.

PcSecureNet, come from hxxp://www.pcsecurenet.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of PcSecureNet also made PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, PcSecureNet will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\PcSecureNet Software\PcSecureNet\main_config.xml
%ProgramFiles%\PcSecureNet Software\PcSecureNet\PcSecureNet.exe
%ProgramFiles%\PcSecureNet Software\PcSecureNet\uninstall.exe
%SystemRoot%\System32\p6hxvcb5.exe
%SystemRoot%\System32\spool\PRTPROCS\W32X86\000012da.tmp
%SystemRoot%\System32\spool\PRTPROCS\W32X86\0000793d.tmp
%AllUsersProfile%\Desktop\PcSecureNet.lnk
%AllUsersProfile%\Start Menu\Programs\PcSecureNet\1 PcSecureNet.lnk
%AllUsersProfile%\Start Menu\Programs\PcSecureNet\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\PcSecureNet\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@pcsecurenet[1].txt
%UserProfile%\Local Settings\Temp\0000216e
%UserProfile%\Local Settings\Temp\p6hxvcb5.exe
%UserProfile%\Local Settings\Temp\z6oi395v.exe
%UserProfile%\Local Settings\Temp\00002e31

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\PcSecureNet
HKEY_LOCAL_MACHINE\software\PcSecureNet
HKEY_CURRENT_USER\software\PcSecureNet
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “PcSecureNet”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “PcSecureNet”

Screenshots:

How to remove the infection of PcSecureNet (Adware.Win32.PcSecureNet)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PcsSecure Adware Removal Instructions

emsi — Mon, 25 Jan 2010 15:13:08 +0000

The Emsi Software malware research team has discoverd a new outbreak of the PcsSecure adware. a-squared Anti-Malware detects this malware as Adware.Win32.PcsSecure.

PcsSecure, come from hxxp://www.pcssecure.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of PcsSecure also made APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, PcsSecure will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\PcsSecure Software\PcsSecure\always_delete.xml
%ProgramFiles%\PcsSecure Software\PcsSecure\always_skip.xml
%ProgramFiles%\PcsSecure Software\PcsSecure\main_config.xml
%ProgramFiles%\PcsSecure Software\PcsSecure\PcsSecure.exe
%ProgramFiles%\PcsSecure Software\PcsSecure\uninstall.exe
%ProgramFiles%\PcsSecure Software\PcsSecure\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\PcsSecure.lnk
%AllUsersProfile%\Start Menu\Programs\PcsSecure\1 PcsSecure.lnk
%AllUsersProfile%\Start Menu\Programs\PcsSecure\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\PcsSecure\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@pcssecure[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\PcsSecure
HKEY_LOCAL_MACHINE\software\PcsSecure
HKEY_CURRENT_USER\software\PcsSecure
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “PcsSecure”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “PcsSecure”

Screenshots:

How to remove the infection of PcsSecure (Adware.Win32.PcsSecure)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

APcSafe Adware Removal Instructions

emsi — Mon, 25 Jan 2010 15:00:53 +0000

The Emsi Software malware research team has discoverd a new outbreak of the APcSafe adware. a-squared Anti-Malware detects this malware as Adware.Win32.APcSafe.

APcSafe, come from hxxp://www.apcsafe.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of APcSafe also made APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, APcSafe will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\APcSafe Software\APcSafe\always_skip.xml
%ProgramFiles%\APcSafe Software\APcSafe\APcSafe.exe
%ProgramFiles%\APcSafe Software\APcSafe\main_config.xml
%ProgramFiles%\APcSafe Software\APcSafe\uninstall.exe
%ProgramFiles%\APcSafe Software\APcSafe\always_delete.xml
%ProgramFiles%\APcSafe Software\APcSafe\quarantine\quarantine.xml
%AllUsersProfile%\Desktop\APcSafe.lnk
%AllUsersProfile%\Start Menu\Programs\APcSafe\1 APcSafe.lnk
%AllUsersProfile%\Start Menu\Programs\APcSafe\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\APcSafe\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@apcsafe[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\APcSafe
HKEY_CURRENT_USER\software\APcSafe
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “APcSafe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “APcSafe”

Screenshots:

How to remove the infection of APcSafe (Adware.Win32.APcSafe)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

APcSecure Adware Removal Instructions

emsi — Fri, 22 Jan 2010 20:27:51 +0000

The Emsi Software malware research team has discoverd a new outbreak of the APcSecure adware. a-squared Anti-Malware detects this malware as Adware.Win32.APcSecure.

APcSecure, come from hxxp://www.apcsecure.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of APcSecure also made ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, APcSecure will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\APcSecure Software\APcSecure\APcSecure.exe
%ProgramFiles%\APcSecure Software\APcSecure\main_config.xml
%ProgramFiles%\APcSecure Software\APcSecure\uninstall.exe
%AllUsersProfile%\Desktop\APcSecure.lnk
%AllUsersProfile%\Start Menu\Programs\APcSecure\1 APcSecure.lnk
%AllUsersProfile%\Start Menu\Programs\APcSecure\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\APcSecure\3 Uninstall.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\APcSecure
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\APcSecure
HKEY_CURRENT_USER\software\APcSecure
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “APcSecure”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “APcSecure”

Screenshots:

How to remove the infection of APcSecure (Adware.Win32.APcSecure)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

ProtectSoldier Adware Removal Instructions

emsi — Thu, 21 Jan 2010 21:07:53 +0000

The Emsi Software malware research team has discoverd a new outbreak of the ProtectSoldier adware. a-squared Anti-Malware detects this malware as Adware.Win32.ProtectSoldier.

ProtectSoldier, come from hxxp://www.protectsoldier.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of ProtectSoldier also made ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, ProtectSoldier will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\ProtectSoldier Software\ProtectSoldier\always_delete.xml
%ProgramFiles%\ProtectSoldier Software\ProtectSoldier\always_skip.xml
%ProgramFiles%\ProtectSoldier Software\ProtectSoldier\ProtectSoldier.exe
%ProgramFiles%\ProtectSoldier Software\ProtectSoldier\Uninstall.exe
%ProgramFiles%\ProtectSoldier Software\ProtectSoldier\quarantine\quarantine.xml
%UserProfile%\Cookies\userdemo@protectsoldier[2].txt
%UserProfile%\Desktop\ProtectSoldier.lnk
%UserProfile%\Start Menu\Programs\ProtectSoldier.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ProtectSoldier
HKEY_LOCAL_MACHINE\software\ProtectSoldier
HKEY_CURRENT_USER\software\ProtectSoldier
HKEY_CURRENT_USER\software\ProtectSoldier\agents
HKEY_CURRENT_USER\software\ProtectSoldier\general
HKEY_CURRENT_USER\software\ProtectSoldier\realtime
HKEY_CURRENT_USER\software\ProtectSoldier\scanner
HKEY_CURRENT_USER\software\ProtectSoldier\tasks
HKEY_CURRENT_USER\software\ProtectSoldier\tasks\0
HKEY_CURRENT_USER\software\ProtectSoldier\tasks\1
HKEY_CURRENT_USER\software\ProtectSoldier\updates
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ProtectSoldier”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ProtectSoldier”

Screenshots:

How to remove the infection of ProtectSoldier (Adware.Win32.ProtectSoldier)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

ProtectDefender Adware Removal Instructions

emsi — Wed, 20 Jan 2010 22:33:33 +0000

The Emsi Software malware research team has discoverd a new outbreak of the ProtectDefender adware. a-squared Anti-Malware detects this malware as Adware.Win32.ProtectDefender.

ProtectDefender, come from hxxp://www.protectdefender.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of ProtectDefender also made ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, ProtectDefender will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\ProtectDefender Software\ProtectDefender\always_skip.xml
%ProgramFiles%\ProtectDefender Software\ProtectDefender\ProtectDefender.exe
%ProgramFiles%\ProtectDefender Software\ProtectDefender\Uninstall.exe
%ProgramFiles%\ProtectDefender Software\ProtectDefender\always_delete.xml
%ProgramFiles%\ProtectDefender Software\ProtectDefender\quarantine\quarantine.xml
%UserProfile%\Cookies\userdemo@protectdefender[2].txt
%UserProfile%\Desktop\ProtectDefender.lnk
%UserProfile%\Start Menu\Programs\ProtectDefender.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\ProtectDefender
HKEY_CURRENT_USER\software\ProtectDefender
HKEY_CURRENT_USER\software\ProtectDefender\agents
HKEY_CURRENT_USER\software\ProtectDefender\general
HKEY_CURRENT_USER\software\ProtectDefender\realtime
HKEY_CURRENT_USER\software\ProtectDefender\scanner
HKEY_CURRENT_USER\software\ProtectDefender\tasks
HKEY_CURRENT_USER\software\ProtectDefender\tasks\0
HKEY_CURRENT_USER\software\ProtectDefender\tasks\1
HKEY_CURRENT_USER\software\ProtectDefender\updates
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ProtectDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ProtectDefender”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ProtectDefender”

Screenshots:

How to remove the infection of ProtectDefender (Adware.Win32.ProtectDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

ArmorDefender Adware Removal Instructions

emsi — Tue, 19 Jan 2010 20:58:17 +0000

The Emsi Software malware research team has discoverd a new outbreak of the ArmorDefender adware. a-squared Anti-Malware detects this malware as Adware.Win32.ArmorDefender.

ArmorDefender, come from hxxp://www.armordefender.com, is a rogue security program. This is a new variant from Winiguard/Winisoft family, with a new GUI. The author of ArmorDefender also made DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, ArmorDefender will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\ArmorDefender Software\ArmorDefender\Uninstall.exe
%ProgramFiles%\ArmorDefender Software\ArmorDefender\ArmorDefender.exe
%SystemRoot%\system32\kus4.tmp.exe
%UserProfile%\Cookies\userdemo@armordefender[1].txt
%UserProfile%\Desktop\ArmorDefender.lnk
%UserProfile%\Local Settings\Temp\vow3.tmp.exe
%UserProfile%\Local Settings\Temp\kus4.tmp.exe
%UserProfile%\Start Menu\Programs\ArmorDefender.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\ArmorDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ArmorDefender
HKEY_CURRENT_USER\software\ArmorDefender
HKEY_CURRENT_USER\software\ArmorDefender\agents
HKEY_CURRENT_USER\software\ArmorDefender\general
HKEY_CURRENT_USER\software\ArmorDefender\realtime
HKEY_CURRENT_USER\software\ArmorDefender\scanner
HKEY_CURRENT_USER\software\ArmorDefender\tasks
HKEY_CURRENT_USER\software\ArmorDefender\tasks\0
HKEY_CURRENT_USER\software\ArmorDefender\tasks\1
HKEY_CURRENT_USER\software\ArmorDefender\updates
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ArmorDefender”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ArmorDefender”

Screenshots:

How to remove the infection of ArmorDefender (Adware.Win32.ArmorDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Win Security 360 Adware Removal Instructions

emsi — Mon, 18 Jan 2010 20:55:43 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Win Security 360 adware. a-squared Anti-Malware detects this malware as Adware.Win32.WinSecurity360.

Win Security 360 is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\WinSecurity360\Win Security 360.url
%ProgramFiles%\WinSecurity360\Win Security 360 Help.url
%ProgramFiles%\WinSecurity360\WinSecurity360.exe
%ProgramFiles%\WinSecurity360\sk.lst
%UserProfile%\Application Data\WinSecurity360\vlc.dat
%UserProfile%\Application Data\WinSecurity360\WinSecurity360.ini
%UserProfile%\Application Data\WinSecurity360\rmd.dat
%UserProfile%\Desktop\Win Security 360.lnk
%UserProfile%\Start Menu\Programs\Startup\Win Security 360.lnk
%UserProfile%\Start Menu\Programs\Win Security 360\Website.lnk
%UserProfile%\Start Menu\Programs\Win Security 360\Win Security 360.lnk
%UserProfile%\Start Menu\Programs\Win Security 360\Win Security 360 Help.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\App Paths\WinSecurity360

Screenshots:

How to remove the infection of Win Security 360 (Adware.Win32.WinSecurity360)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

DefendAPc Adware Removal Instructions

emsi — Mon, 18 Jan 2010 20:46:25 +0000

The Emsi Software malware research team has discoverd a new outbreak of the DefendAPc adware. a-squared Anti-Malware detects this malware as Adware.Win32.DefendAPc.

DefendAPc, come from hxxp://www.defendapc.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of DefendAPc also made SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, DefendAPc will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\DefendAPc Software\DefendAPc\always_delete.xml
%ProgramFiles%\DefendAPc Software\DefendAPc\always_skip.xml
%ProgramFiles%\DefendAPc Software\DefendAPc\DefendAPc.exe
%ProgramFiles%\DefendAPc Software\DefendAPc\main_config.xml
%ProgramFiles%\DefendAPc Software\DefendAPc\uninstall.exe
%ProgramFiles%\DefendAPc Software\DefendAPc\quarantine\quarantine.xml
%SystemRoot%\System32\spool\PRTPROCS\W32X86\00004e7f.tmp
%AllUsersProfile%\Desktop\DefendAPc.lnk
%AllUsersProfile%\Start Menu\Programs\DefendAPc\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\DefendAPc\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\DefendAPc\1 DefendAPc.lnk
%UserProfile%\Cookies\userdemo@defendapc[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\DefendAPc
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\DefendAPc
HKEY_CURRENT_USER\software\DefendAPc
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “DefendAPc”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “DefendAPc”

Screenshots:

How to remove the infection of DefendAPc (Adware.Win32.DefendAPc)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SysDefenders Adware Removal Instructions

emsi — Tue, 12 Jan 2010 20:03:45 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SysDefenders adware. a-squared Anti-Malware detects this malware as Adware.Win32.SysDefenders.

SysDefenders, come from hxxp://www.sysdefenders.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of SysDefenders also made InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, SysDefenders will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and folders:

%ProgramFiles%\SysDefenders Software\SysDefenders\main_config.xml
%ProgramFiles%\SysDefenders Software\SysDefenders\SysDefenders.exe
%ProgramFiles%\SysDefenders Software\SysDefenders\uninstall.exe
%AllUsersProfile%\Desktop\SysDefenders.lnk
%AllUsersProfile%\Start Menu\Programs\SysDefenders\1 SysDefenders.lnk
%AllUsersProfile%\Start Menu\Programs\SysDefenders\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SysDefenders\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@sysdefenders[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SysDefenders
HKEY_LOCAL_MACHINE\software\SysDefenders
HKEY_CURRENT_USER\software\SysDefenders
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SysDefenders”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SysDefenders”

Screenshots:

How to remove the infection of SysDefenders (Adware.Win32.SysDefenders)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

InSysSecure Adware Removal Instructions

emsi — Fri, 08 Jan 2010 20:14:21 +0000

The Emsi Software malware research team has discoverd a new outbreak of the InSysSecure adware. a-squared Anti-Malware detects this malware as Adware.Win32.InSysSecure.

InSysSecure, come from hxxp://www.insyssecure.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of InSysSecure also made SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, InSysSecure will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and folders:

%ProgramFiles%\InSysSecure Software\InSysSecure\InSysSecure.exe
%ProgramFiles%\InSysSecure Software\InSysSecure\main_config.xml
%ProgramFiles%\InSysSecure Software\InSysSecure\uninstall.exe
%AllUsersProfile%\Desktop\InSysSecure.lnk
%AllUsersProfile%\Start Menu\Programs\InSysSecure\1 InSysSecure.lnk
%AllUsersProfile%\Start Menu\Programs\InSysSecure\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\InSysSecure\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@insyssecure[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\InSysSecure
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\InSysSecure
HKEY_CURRENT_USER\software\InSysSecure
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “InSysSecure”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “InSysSecure”

Screenshots:

How to remove the infection of InSysSecure (Adware.Win32.InSysSecure)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Guard Pro Adware Removal Instructions

emsi — Fri, 08 Jan 2010 20:02:50 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Guard Pro adware. a-squared Anti-Malware detects this malware as Adware.Win32.GuardPro.

GuardPro is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files and directories (some name of file/directory are random):

%AllUsersProfile%\Application Data\58969\VHf4c.exe
%AllUsersProfile%\Application Data\58969\VHOOK.ico
%AllUsersProfile%\Application Data\VHFEXIAPOOK\VHJRFXAOOK.cfg
%UserProfile%\Application Data\Guard Pro\cookies.sqlite
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Guard Pro.lnk
%UserProfile%\Desktop\Guard Pro.lnk
%UserProfile%\Start Menu\Guard Pro.lnk
%UserProfile%\Start Menu\Programs\Guard Pro.lnk
%SystemRoot%\SYSTEM32\drivers\etc\hosts

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\Classes\trial_16f7c.DocHostUIHandler
HKEY_LOCAL_MACHINE\software\Classes\trial_16f7c.DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Guard Pro”

Modify hosts file:

74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com

Screenshots:

How to remove the infection of GuardPro (Adware.Win32.GuardPro)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SysProtector Adware Removal Instructions

emsi — Fri, 08 Jan 2010 19:52:03 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SysProtector adware. a-squared Anti-Malware detects this malware as Adware.Win32.SysProtector.

SysProtector, come from hxxp://www.sysprotector.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of SysProtector also made APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, SysProtector will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and folders:

%ProgramFiles%\SysProtector Software\SysProtector\SysProtector.exe
%ProgramFiles%\SysProtector Software\SysProtector\uninstall.exe
%ProgramFiles%\SysProtector Software\SysProtector\main_config.xml
%AllUsersProfile%\Desktop\SysProtector.lnk
%AllUsersProfile%\Start Menu\Programs\SysProtector\1 SysProtector.lnk
%AllUsersProfile%\Start Menu\Programs\SysProtector\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SysProtector\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@sysprotector[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SysProtector
HKEY_LOCAL_MACHINE\software\SysProtector
HKEY_CURRENT_USER\software\SysProtector
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SysProtector”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SysProtector”

Screenshots:

How to remove the infection of SysProtector (Adware.Win32.SysProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

APcDefender Adware Removal Instructions

emsi — Thu, 07 Jan 2010 19:54:16 +0000

The Emsi Software malware research team has discoverd a new outbreak of the PcProtectar adware. a-squared Anti-Malware detects this malware as Adware.Win32.APcDefender.

APcDefender, come from hxxp://www.apcdefender.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of APcDefender also made PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, APcDefender will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and folders:

%ProgramFiles%\APcDefender Software\APcDefender\APcDefender.exe
%ProgramFiles%\APcDefender Software\APcDefender\main_config.xml
%ProgramFiles%\APcDefender Software\APcDefender\uninstall.exe
%AllUsersProfile%\Desktop\APcDefender.lnk
%AllUsersProfile%\Start Menu\Programs\APcDefender\1 APcDefender.lnk
%AllUsersProfile%\Start Menu\Programs\APcDefender\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\APcDefender\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@apcdefender[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\APcDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\APcDefender
HKEY_CURRENT_USER\software\APcDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “APcDefender”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “APcDefender”

Screenshots:

How to remove the infection of APcDefender (Adware.Win32.APcDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PcProtectar Adware Removal Instructions

emsi — Wed, 06 Jan 2010 18:45:38 +0000

The Emsi Software malware research team has discoverd a new outbreak of the PcProtectar adware. a-squared Anti-Malware detects this malware as Adware.Win32.PcProtectar.

PcProtectar, come from hxxp://www.pcprotectar.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of PcProtectar also made PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, PcProtectar will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and folders:

%ProgramFiles%\PCprotectar Software\PCprotectar\PCprotectar.exe
%ProgramFiles%\PCprotectar Software\PCprotectar\uninstall.exe
%ProgramFiles%\PCprotectar Software\PCprotectar\main_config.xml
%AllUsersProfile%\Desktop\PCprotectar.lnk
%AllUsersProfile%\Start Menu\Programs\PCprotectar\1 PCprotectar.lnk
%AllUsersProfile%\Start Menu\Programs\PCprotectar\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\PCprotectar\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@pcprotectar[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\PCprotectar
HKEY_LOCAL_MACHINE\software\PCprotectar
HKEY_CURRENT_USER\software\PCprotectar
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “PCprotectar”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “PCprotectar”

Screenshots:

We have something different with this variant, there’s no English.

How to remove the infection of PcProtectar (Adware.Win32.PcProtectar)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

NoMalware Adware Removal Instructions

emsi — Tue, 05 Jan 2010 15:44:49 +0000

The Emsi Software malware research team has discoverd a new outbreak of the NoMalware adware. a-squared Anti-Malware detects this malware as Adware.Win32.NoMalware.

NoMalware is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

NoMalware sites:

hxxp:// nomalwares.org
hxxp:// nomalwarelab.com
hxxp:// malwaremechanic.com

Create new files and folders:

%ProgramFiles%\NoMalware\NoMalware.exe
%ProgramFiles%\NoMalware\unins000.dat
%ProgramFiles%\NoMalware\unins000.exe
%ProgramFiles%\NoMalware\base.db
%AllUsersProfile%\Desktop\NoMalware.lnk
%AllUsersProfile%\Start Menu\Programs\NoMalware\NoMalware.lnk
%AllUsersProfile%\Start Menu\Programs\NoMalware\Uninstall NoMalware.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\NoMalware.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\NoMalware
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{6268F50B-D811-4370-8483-C017BC9F0C9F}_is1

Screenshots:

How to remove the infection of NoMalware (Adware.Win32.NoMalware)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PcsProtector Adware Removal Instructions

emsi — Mon, 04 Jan 2010 20:49:39 +0000

The Emsi Software malware research team has discoverd a new outbreak of the PcsProtector adware. a-squared Anti-Malware detects this malware as Adware.Win32.PcsProtector.

PcsProtector, come from hxxp://www.pcsprotector.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of PcsProtector also made GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, PcsProtector will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and directories:

%ProgramFiles%\PcsProtector Software\PcsProtector\PcsProtector.exe
%ProgramFiles%\PcsProtector Software\PcsProtector\uninstall.exe
%ProgramFiles%\PcsProtector Software\PcsProtector\main_config.xml
%AllUsersProfile%\Desktop\PcsProtector.lnk
%AllUsersProfile%\Start Menu\Programs\PcsProtector\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\PcsProtector\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\PcsProtector\1 PcsProtector.lnk
%UserProfile%\Cookies\userdemo@pcsprotector[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\PcsProtector
HKEY_LOCAL_MACHINE\software\PcsProtector
HKEY_CURRENT_USER\software\PcsProtector
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “PcsProtector”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “PcsProtector”

Screenshots:

How to remove the infection of PcsProtector (Adware.Win32.PcsProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SpyEraser Adware Removal Instructions

emsi — Wed, 30 Dec 2009 19:10:04 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SpyEraser adware. a-squared Anti-Malware detects this malware as Adware.Win32.SpyEraser.

SpyEraser is a rogue scanner program. This fake scanner application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application.

SpyEraser sites:

hxxp://www. spyeraser-security.com
hxxp://www. spyeraser-trial.com

Create new files and directories:

%ProgramFiles%\SpyEraser\data.dll
%ProgramFiles%\SpyEraser\SpyEraser.exe
%ProgramFiles%\SpyEraser\Uninstall.exe
%AllUsersProfile%\Desktop\SpyEraser.lnk
%AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\Launch SpyEraser.exe.lnk
%AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\SpyEraser Uninstall.exe.lnk
%UserProfile%\Local Settings\Application Data\Downloaded Installations\{E5FF35CB-AAE1-4CD6-BFDE-D0BCE9CCBA4C}\SpyEraser.msi
%SystemRoot%\Installer\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}\SpyEraser.exe1_5D3FA81F1A6D4924AD5250A57005F147.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\Installer\Features\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Media
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Net
HKEY_LOCAL_MACHINE\software\Classes\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
HKEY_LOCAL_MACHINE\software\microsoft\SpyEraser
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA061871792C67E4997020ED0AF0253E
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBAB827A17F9D9B40B5A18854589281C
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Features
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\InstallProperties
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Patches
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Usage
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}

Screenshots:

How to remove the infection of SpyEraser (Adware.Win32.SpyEraser)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

GreatDefender Adware Removal Instructions

emsi — Wed, 30 Dec 2009 18:47:26 +0000

The Emsi Software malware research team has discoverd a new outbreak of the GreatDefender adware. a-squared Anti-Malware detects this malware as Adware.Win32.GreatDefender.

GreatDefender, come from hxxp://www.greatdefender.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of GreatDefender also made APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, GreatDefender will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files and directories:

%ProgramFiles%\GreatDefender Software\GreatDefender\GreatDefender.exe
%ProgramFiles%\GreatDefender Software\GreatDefender\main_config.xml
%ProgramFiles%\GreatDefender Software\GreatDefender\uninstall.exe
%AllUsersProfiles%\Desktop\GreatDefender.lnk
%AllUsersProfiles%\Start Menu\Programs\GreatDefender\2 Homepage.lnk
%AllUsersProfiles%\Start Menu\Programs\GreatDefender\3 Uninstall.lnk
%AllUsersProfiles%\Start Menu\Programs\GreatDefender\1 GreatDefender.lnk
%UserProfile%\Cookies\userdemo@greatdefender[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\GreatDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\GreatDefender
HKEY_CURRENT_USER\software\GreatDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “GreatDefender”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “GreatDefender”

Screenshots:

How to remove the infection of GreatDefender (Adware.Win32.GreatDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirus PC 2009 Adware Removal Instructions

emsi — Tue, 29 Dec 2009 18:16:10 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Antivirus PC 2009 adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntivirusPC2009.

Antivirus PC 2009 is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files and directories:

%ProgramFiles%\Antivirus PC 2009\2.vbs
%ProgramFiles%\Antivirus PC 2009\avpc2009.exe
%ProgramFiles%\Antivirus PC 2009\avpc2009s.exe
%ProgramFiles%\Antivirus PC 2009\bzip2.dll
%ProgramFiles%\Antivirus PC 2009\libltdl3.dll
%ProgramFiles%\Antivirus PC 2009\pthreadVC2.dll
%ProgramFiles%\Antivirus PC 2009\Uninstaller.exe
%ProgramFiles%\Antivirus PC 2009\data\daily.cvd
%ProgramFiles%\Antivirus PC 2009\data\self.hdb
%ProgramFiles%\Antivirus PC 2009\data\
%ProgramFiles%\Antivirus PC 2009\quarantine\
%UserProfile%\Desktop\Antivirus PC 2009.lnk
%UserProfile%\Start Menu\Programs\Antivirus PC 2009.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Antivirus PC 2009
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Antivirus PC 2009″
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Antivirus PC 2009″

Screenshots:

How to remove the infection of Antivirus PC 2009 (Adware.Win32.AntivirusPC2009)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antispyware Shield Pro Adware Removal Instructions

emsi — Mon, 28 Dec 2009 19:39:29 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Antispyware Shield Pro adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntispywareShieldPro.

Antispyware Shield Pro is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

When installing, it try to make HTTP GET to the following url:

hxxp://scanner.entiresafescripts.net/installation/

The entiresafescripts.net itself will look like this:

Then you will be redirected to the fake scanner:

When running the application, you can see “Official web site” button on the top of the form, and if you click this button, it take you to hxxp://systemcleanerspro.net, and this site will offer you another rogue application, called “SystemCleanerPro“, a-squared Anti-Malware know this as Adware.Win32.SystemCleanerPro.

Create new files and directories:

%ProgramFiles%\Antispyware Shield Pro\License.rtf
%ProgramFiles%\Antispyware Shield Pro\uninst.exe
%ProgramFiles%\Antispyware Shield Pro\antispyshield.exe
%UserProfile%\Desktop\Antispyware Shield Pro.lnk
%UserProfile%\Start Menu\Programs\Antispyware Shield Pro\Antispyware Shield Pro.lnk
%UserProfile%\Start Menu\Programs\Antispyware Shield Pro\Uninstall.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\App Paths\antispyshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro
HKEY_CURRENT_USER\software\Entire Safe Scripts Ltd
HKEY_CURRENT_USER\software\Entire Safe Scripts Ltd\Antispyware Shield Pro

Screenshots:

How to remove the infection of Antispyware Shield Pro (Adware.Win32.AntispywareShieldPro)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SystemCleanerPro Adware Removal Instructions

emsi — Mon, 28 Dec 2009 18:30:07 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SystemCleanerPro adware. a-squared Anti-Malware detects this malware as Adware.Win32.SystemCleanerPro.

SystemCleanerPro is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files and directories:

%ProgramFiles%\SystemCleanerPRO\sysclpro.exe
%ProgramFiles%\SystemCleanerPRO\unins000.dat
%ProgramFiles%\SystemCleanerPRO\unins000.exe
%ProgramFiles%\SystemCleanerPRO\killtask.bat
%AllUsersProfile%\Start Menu\Programs\SystemCleanerPRO\Uninstall SystemCleanerPRO.lnk
%AllUsersProfile%\Start Menu\Programs\SystemCleanerPRO\SystemCleanerPRO.lnk
%AllUsersProfile%\Application Data\AuxCo\
%AllUsersProfile%\Application Data\AuxCo\SystemCleanerPRO\

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SystemCleanerPRO_is1
HKEY_CURRENT_USER\software\AuxCo
HKEY_CURRENT_USER\software\AuxCo\SystemCleanerPRO
HKEY_CURRENT_USER\software\AuxCo\SystemCleanerPRO\2.2
HKEY_CURRENT_USER\software\AuxCo\SystemCleanerPRO\2.2\config
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SystemCleanerPRO”

Screenshots:

How to remove the infection of SystemCleanerPro (Adware.Win32.SystemCleanerPro)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

APCProtect Adware Removal Instructions

emsi — Thu, 24 Dec 2009 18:49:36 +0000

The Emsi Software malware research team has discoverd a new outbreak of the APCProtect adware. a-squared Anti-Malware detects this malware as Adware.Win32.APCProtect.

APCProtect, come from hxxp://www.apcprotect.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of APCProtect also made ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, APCProtect will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\APCProtect Software\APCProtect\APCProtect.exe
%ProgramFiles%\APCProtect Software\APCProtect\main_config.xml
%ProgramFiles%\APCProtect Software\APCProtect\uninstall.exe
%AllUsersProfile%\Desktop\APCProtect.lnk
%AllUsersProfile%\Start Menu\Programs\APCProtect\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\APCProtect\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\APCProtect\1 APCProtect.lnk
%UserProfile%\Cookies\userdemo@apcprotect[1].txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\APCProtect
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\APCProtect
HKEY_CURRENT_USER\software\APCProtect
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “APCProtect”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “APCProtect.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “APCProtect”

Screenshots:

How to remove the infection of APCProtect (Adware.Win32.APCProtect)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

ProtectPcs Adware Removal Instructions

emsi — Mon, 21 Dec 2009 17:22:05 +0000

The Emsi Software malware research team has discoverd a new outbreak of the ProtectPcs adware. a-squared Anti-Malware detects this malware as Adware.Win32.ProtectPcs.

ProtectPcs, come from hxxp://www.protectpcs.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of ProtectPcs also made SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, ProtectPcs will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\ProtectPcs Software\ProtectPcs\ProtectPcs.exe
%ProgramFiles%\ProtectPcs Software\ProtectPcs\uninstall.exe
%ProgramFiles%\ProtectPcs Software\ProtectPcs\main_config.xml
%AllUsersProfile%\Desktop\ProtectPcs.lnk
%AllUsersProfile%\Start Menu\Programs\ProtectPcs\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\ProtectPcs\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\ProtectPcs\1 ProtectPcs.lnk
%UserProfile%\Cookies\userdemo@protectpcs.txt

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ProtectPcs
HKEY_LOCAL_MACHINE\software\ProtectPcs
HKEY_CURRENT_USER\software\ProtectPcs
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ProtectPcs”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ProtectPcs.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ProtectPcs”

Screenshots:

How to remove the infection of ProtectPcs (Adware.Win32.ProtectPcs)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Malware Defense Adware Removal Instructions

emsi — Mon, 21 Dec 2009 17:08:45 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Malware Defense adware. a-squared Anti-Malware detects this malware as Adware.Win32.MalwareDefense.

Malware Defense is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files:

%ProgramFiles%\Malware Defense\md.db
%ProgramFiles%\Malware Defense\mdefense.exe
%ProgramFiles%\Malware Defense\mdext.dll
%ProgramFiles%\Malware Defense\uninstall.exe
%ProgramFiles%\Malware Defense\help.ico
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
%UserProfile%\Desktop\Malware Defense ReadMe.txt
%UserProfile%\Desktop\Malware Defense Support.lnk
%UserProfile%\Desktop\Malware Defense.lnk
%UserProfile%\Local Settings\Temp\av.dat
%UserProfile%\Local Settings\Temp\dv.dat
%UserProfile%\Local Settings\Temp\4otjesjty.mof
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Malware Defense
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Malware Defense
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Malware Defense”

Screenshots:

How to remove the infection of Malware Defense (Adware.Win32.MalwareDefense)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SysDefence Adware Removal Instructions

emsi — Fri, 18 Dec 2009 20:01:04 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SysDefence adware. a-squared Anti-Malware detects this malware as Adware.Win32.SysDefence.

SysDefence, come from hxxp://www.sysdefence.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of SysDefence also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, SysDefence will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe
%ProgramFiles%\SysDefence Software\SysDefence\uninstall.exe
%ProgramFiles%\SysDefence Software\SysDefence\main_config.xml
%AllUsersProfile%\Desktop\SysDefence.lnk
%AllUsersProfile%\Start Menu\Programs\SysDefence\1 SysDefence.lnk
%AllUsersProfile%\Start Menu\Programs\SysDefence\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SysDefence\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@sysdefence[1].txt
%UserProfile%\Local Settings\Temp\nsq6.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SysDefence
HKEY_LOCAL_MACHINE\software\SysDefence
HKEY_CURRENT_USER\software\SysDefence
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SysDefence”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SysDefence.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SysDefence”

Screenshots:

How to remove the infection of SysDefence (Adware.Win32.SysDefence)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Adware Scanner 2010 Adware Removal Instructions

emsi — Thu, 17 Dec 2009 15:58:06 +0000

The Emsi Software malware research team has discoverd a new outbreak of the System Adware Scanner 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.SystemAdwareScanner2010.

System Adware Scanner 2010, come from hxxp://sysadscanner.com, is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying fake warning messages and misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Their site also have a funny things. When we look at the System Adware Scanner 2010 Management Team (hxxp://sysadscanner.com/about.php), we can see this information:

This page tell us some people behind this product. Do not believe it, it’s fake! How do we know it’s fake? Let we do some search on Google from sentence that we found on that page. Example, we try to search “Dale Fuller is a leading technology executive with extensive experience in starting up and growing both technology and consumer businesses”. Then we got this results:

The first results is a page from AVG antivirus company. So, lets click it. Then,

Looks very similar hah? Now, you have proven that the System Adware Scanner 2010 Management Team is a fake!

Interested with this rogue, we decided to dig a little deeper, and loaded it into the debugger. Yep, this rogue is packed and encrypted. The run-time packer will rebuild a new unpacked PE file on the memory. Running this application on virtual environment will get no results, because it have some protection. And this is one of its protection, checking presence of VMware.

This rogue also check the presence of anti-virus/anti-malware on the victim machine, then kill them. Here’s the list (left side are encrypted, and the right side are decrypted):

The encryption algorithm is pretty simple, Caesar Cipher using a left rotation of one places.

And here’s another strings:

The last but not least, we also found this strings:

What is that? Hmmm…let’s check it:

Yes, you’re right! It is their registration key.

“System Adware Scanner 2010: Complete protection for everything you do. For only $25.95“. No, thanks!

Create new files (some name of files/directory are random):

%SystemRoot%\system32\drivers\m4f4a0×0.sys (random)
%AllUsersProfile%\Application Data\m4f4a0×0\m4f4a0×0 (random)
%AllUsersProfile%\Application Data\m4f4a0×0\m4f4a0×0.exe (random)
%AllUsersProfile%\Application Data\m4f4a0×0\m4f4a0×0.i (random)
%UserProfile%\Desktop\System Adware Scanner 2010.lnk
%UserProfile%\Start Menu\Programs\System Adware Scanner\System Adware Scanner 2010.lnk

Create new registry entries (some name of registry entry are random):

HKEY_LOCAL_MACHINE\software\m4f4a0×0 (random)
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SystemAdwareScanner2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noterminate
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “m4f4a0×0″ (random)

Screenshots:

How to remove the infection of System Adware Scanner 2010 (Adware.Win32.SystemAdwareScanner2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

TheDefend Adware Removal Instructions

emsi — Wed, 16 Dec 2009 21:03:35 +0000

The Emsi Software malware research team has discoverd a new outbreak of the TheDefend adware. a-squared Anti-Malware detects this malware as Adware.Win32.TheDefend.

TheDefend, come from hxxp://www.thedefend.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of TheDefend also made GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, TheDefend will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\TheDefend Software\TheDefend\main_config.xml
%ProgramFiles%\TheDefend Software\TheDefend\TheDefend.exe
%ProgramFiles%\TheDefend Software\TheDefend\uninstall.exe
%AllUsersProfile%\Desktop\TheDefend.lnk
%AllUsersProfile%\Start Menu\Programs\TheDefend\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\TheDefend\1 TheDefend.lnk
%AllUsersProfile%\Start Menu\Programs\TheDefend\2 Homepage.lnk
%UserProfile%\Local Settings\Temp\nsbB.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\TheDefend
HKEY_LOCAL_MACHINE\software\TheDefend
HKEY_CURRENT_USER\software\TheDefend
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “TheDefend”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “TheDefend.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “TheDefend”

Screenshots:

How to remove the infection of TheDefend (Adware.Win32.TheDefend)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

GuardPcs Adware Removal Instructions

admin — Tue, 15 Dec 2009 18:17:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the GuardPcs adware. a-squared Anti-Malware detects this malware as Adware.Win32.GuardPcs.

GuardPcs, come from hxxp://www.guardpcs.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of GuardPcs also made TheDefend, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, GuardPcs will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\GuardPcs Software\GuardPcs\GuardPcs.exe
%ProgramFiles%\GuardPcs Software\GuardPcs\main_config.xml
%ProgramFiles%\GuardPcs Software\GuardPcs\uninstall.exe
%AllUsersProfile%\Desktop\GuardPcs.lnk
%AllUsersProfile%\Start Menu\Programs\GuardPcs\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\GuardPcs\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\GuardPcs\1 GuardPcs.lnk
%UserProfile%\Local Settings\Temp\nsh4.tmp\nsProcess.dll
%UserProfile%\Local Settings\Temp\nsj2.tmp\time.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\GuardPcs
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\GuardPcs
HKEY_CURRENT_USER\software\GuardPcs
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “GuardPcs”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “GuardPcs.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “GuardPcs”

Screenshots:

How to remove the infection of GuardPcs (Adware.Win32.GuardPcs)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

IGuardPc Adware Removal Instructions

admin — Fri, 11 Dec 2009 20:18:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the IGuardPc adware. a-squared Anti-Malware detects this malware as Adware.Win32.IGuardPc.

IGuardPc, come from hxxp://www.iguardpc.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of IGuardPc also made TheDefend, GuardPcs, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, IGuardPc will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\IGuardPc Software\IGuardPc\IGuardPc.exe
%ProgramFiles%\IGuardPc Software\IGuardPc\main_config.xml
%ProgramFiles%\IGuardPc Software\IGuardPc\uninstall.exe
%AllUsersProfile%\Desktop\IGuardPc.lnk
%AllUsersProfile%\Start Menu\Programs\IGuardPc\1 IGuardPc.lnk
%AllUsersProfile%\Start Menu\Programs\IGuardPc\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\IGuardPc\3 Uninstall.lnk
%UserProfile%\Cookies\userdemo@iguardpc[1].txt
%UserProfile%\Local Settings\Temp\nsz4.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE|\software\IGuardPc
HKEY_LOCAL_MACHINE|\software\microsoft\Windows\CurrentVersion\Uninstall\IGuardPc
HKEY_CURRENT_USER|\software\IGuardPc
HKEY_LOCAL_MACHINE|\software\microsoft\Windows\CurrentVersion\Run, “IGuardPc”
HKEY_CURRENT_USER|\software\Microsoft\Windows\CurrentVersion\Run, “IGuardPc.exe”
HKEY_CURRENT_USER|\software\Microsoft\Windows\CurrentVersion\Run, “IGuardPc.exe”
HKEY_CURRENT_USER|\software\Microsoft\Windows\CurrentVersion\Run, “IGuardPc”

Screenshots:

How to remove the infection of IGuardPc (Adware.Win32.IGuardPc)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SiteAdware Adware Removal Instructions

admin — Thu, 10 Dec 2009 19:21:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SiteAdware adware. a-squared Anti-Malware detects this malware as Adware.Win32.SiteAdware.

SiteAdware, come from hxxp://www.siteadware.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of SiteAdware also made TheDefend, GuardPcs, IGuardPc, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, SiteAdware will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\SiteAdware Software\SiteAdware\SiteAdware.exe
%ProgramFiles%\SiteAdware Software\SiteAdware\uninstall.exe
%ProgramFiles%\SiteAdware Software\SiteAdware\main_config.xml
%AllUsersProfile%\Desktop\SiteAdware.lnk
%AllUsersProfile%\Start Menu\Programs\SiteAdware\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SiteAdware\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\SiteAdware\1 SiteAdware.lnk
%UserProfile%\Local Settings\Temp\nseA.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SiteAdware
HKEY_LOCAL_MACHINE\software\SiteAdware
HKEY_CURRENT_USER\software\SiteAdware
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “SiteAdware”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SiteAdware.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SiteAdware”

Screenshots:

How to remove the infection of SiteAdware (Adware.Win32.SiteAdware)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Safety Anti-Spyware Adware Removal Instructions

admin — Thu, 10 Dec 2009 19:08:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Safety Anti-Spyware adware. a-squared Anti-Malware detects this malware as Adware.Win32.SafetyAntiSpyware.

Safety Anti-Spyware, come from hxxp://safetyantispywareshop.com, is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files:

%ProgramFiles%\Safety Anti-Spyware 3\Safety Anti-Spyware 3.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Safety Anti-Spyware 3.lnk
%UserProfile%\Desktop\Safety Anti-Spyware 3.lnk
%UserProfile%\Start Menu\Safety Anti-Spyware 3\Safety Anti-Spyware 3.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\B449DC9C39F1FF5AE14979CE086BB3CA
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Safety Anti-Spyware 3
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Safety Anti-Spyware 3″

Screenshots:

How to remove the infection of Safety Anti-Spyware (Adware.Win32.SafetyAntiSpyware)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Internet Security 2010 Adware Removal Instructions

admin — Wed, 09 Dec 2009 18:39:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Internet Security 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.InternetSecurity2010.

Internet Security 2010 is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files:

%ProgramFiles%\InternetSecurity2010\IS2010.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
%UserProfile%\Desktop\Internet Security 2010.lnk
%UserProfile%\Start Menu\Internet Security 2010.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\IS2010
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Internet Security 2010″

Screenshots:

How to remove the infection of Internet Security 2010 (Adware.Win32.InternetSecurity2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Live PC Care Adware Removal Instructions

emsi — Tue, 08 Dec 2009 16:55:41 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Live PC Care adware. a-squared Anti-Malware detects this malware as Adware.Win32.LivePCCare.

Live PC Care (hxxp://livepcguard.com) is a fraud application that shows false warning messages and misleading scan results. Come from the following family: PC Live Guard, Additional Guard, Enterprise Suite, System Defender, Windows Enterprise Defender, Windows PC Defender, etc. This adware create numerous junk files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

The main program will extract several files to (some name of the files and directory for this rogue are random):

%SystemRoot%\system32\DOSX.EXE
%SystemRoot%\system32\HIMEM.SYS
%SystemRoot%\system32\MSCDEXNT.EXE
%SystemRoot%\system32\REDIR.EXE
%SystemRoot%\system32\COMMAND.COM
%SystemRoot%\system32\drivers\etc\hosts
%AllUsersProfile%\Application Data\58969\LPCG.ico
%AllUsersProfile%\Application Data\58969\LPf4c.exe
%AllUsersProfile%\Application Data\LPCGSys\lpcg.cfg
%UserProfile%\Application Data\Live PC Care\cookies.sqlite
%UserProfile%\Application Data\Live PC Care\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Live PC Care.lnk
%UserProfile%\Desktop\Live PC Care.lnk
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.drv
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fan.dll
%UserProfile%\Recent\fan.drv
%UserProfile%\Recent\fan.exe
%UserProfile%\Recent\FS.dll
%UserProfile%\Recent\gid.sys
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\runddlkey.tmp
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Start Menu\Live PC Care.lnk
%UserProfile%\Start Menu\Programs\Live PC Care.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\Classes\xp_aa215.DocHostUIHandler
HKEY_LOCAL_MACHINE\software\Classes\xp_aa215.DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Live PC Care”

This rogue application also changes the hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
89.248.168.186 google.ae
89.248.168.186 google.as
89.248.168.186 google.at
89.248.168.186 google.az
89.248.168.186 google.ba
89.248.168.186 google.be
89.248.168.186 google.bg
89.248.168.186 google.bs
89.248.168.186 google.ca
89.248.168.186 google.cd
89.248.168.186 google.com.gh
89.248.168.186 google.com.hk
89.248.168.186 google.com.jm
89.248.168.186 google.com.mx
89.248.168.186 google.com.my
89.248.168.186 google.com.na
89.248.168.186 google.com.nf
89.248.168.186 google.com.ng
89.248.168.186 google.ch
89.248.168.186 google.com.np
89.248.168.186 google.com.pr
89.248.168.186 google.com.qa
89.248.168.186 google.com.sg
89.248.168.186 google.com.tj
89.248.168.186 google.com.tw
89.248.168.186 google.dj
89.248.168.186 google.de
89.248.168.186 google.dk
89.248.168.186 google.dm
89.248.168.186 google.ee
89.248.168.186 google.fi
89.248.168.186 google.fm
89.248.168.186 google.fr
89.248.168.186 google.ge
89.248.168.186 google.gg
89.248.168.186 google.gm
89.248.168.186 google.gr
89.248.168.186 google.ht
89.248.168.186 google.ie
89.248.168.186 google.im
89.248.168.186 google.in
89.248.168.186 google.it
89.248.168.186 google.ki
89.248.168.186 google.la
89.248.168.186 google.li
89.248.168.186 google.lv
89.248.168.186 google.ma
89.248.168.186 google.ms
89.248.168.186 google.mu
89.248.168.186 google.mw
89.248.168.186 google.nl
89.248.168.186 google.no
89.248.168.186 google.nr
89.248.168.186 google.nu
89.248.168.186 google.pl
89.248.168.186 google.pn
89.248.168.186 google.pt
89.248.168.186 google.ro
89.248.168.186 google.ru
89.248.168.186 google.rw
89.248.168.186 google.sc
89.248.168.186 google.se
89.248.168.186 google.sh
89.248.168.186 google.si
89.248.168.186 google.sm
89.248.168.186 google.sn
89.248.168.186 google.st
89.248.168.186 google.tl
89.248.168.186 google.tm
89.248.168.186 google.tt
89.248.168.186 google.us
89.248.168.186 google.vu
89.248.168.186 google.ws
89.248.168.186 google.co.ck
89.248.168.186 google.co.id
89.248.168.186 google.co.il
89.248.168.186 google.co.in
89.248.168.186 google.co.jp
89.248.168.186 google.co.kr
89.248.168.186 google.co.ls
89.248.168.186 google.co.ma
89.248.168.186 google.co.nz
89.248.168.186 google.co.tz
89.248.168.186 google.co.ug
89.248.168.186 google.co.uk
89.248.168.186 google.co.za
89.248.168.186 google.co.zm
89.248.168.186 google.com
89.248.168.186 google.com.af
89.248.168.186 google.com.ag
89.248.168.186 google.com.ar
89.248.168.186 google.com.au
89.248.168.186 google.com.bn
89.248.168.186 google.com.br
89.248.168.186 google.com.by
89.248.168.186 google.com.bz
89.248.168.186 google.com.cu
89.248.168.186 google.com.ec
89.248.168.186 google.com.fj
89.248.168.186 www.google.ae
89.248.168.186 www.google.as
89.248.168.186 www.google.at
89.248.168.186 www.google.az
89.248.168.186 www.google.ba
89.248.168.186 www.google.be
89.248.168.186 www.google.bg
89.248.168.186 www.google.bs
89.248.168.186 www.google.ca
89.248.168.186 www.google.cd
89.248.168.186 www.google.com.gh
89.248.168.186 www.google.com.hk
89.248.168.186 www.google.com.jm
89.248.168.186 www.google.com.mx
89.248.168.186 www.google.com.my
89.248.168.186 www.google.com.na
89.248.168.186 www.google.com.nf
89.248.168.186 www.google.com.ng
89.248.168.186 www.google.ch
89.248.168.186 www.google.com.np
89.248.168.186 www.google.com.pr
89.248.168.186 www.google.com.qa
89.248.168.186 www.google.com.sg
89.248.168.186 www.google.com.tj
89.248.168.186 www.google.com.tw
89.248.168.186 www.google.dj
89.248.168.186 www.google.de
89.248.168.186 www.google.dk
89.248.168.186 www.google.dm
89.248.168.186 www.google.ee
89.248.168.186 www.google.fi
89.248.168.186 www.google.fm
89.248.168.186 www.google.fr
89.248.168.186 www.google.ge
89.248.168.186 www.google.gg
89.248.168.186 www.google.gm
89.248.168.186 www.google.gr
89.248.168.186 www.google.ht
89.248.168.186 www.google.ie
89.248.168.186 www.google.im
89.248.168.186 www.google.in
89.248.168.186 www.google.it
89.248.168.186 www.google.ki
89.248.168.186 www.google.la
89.248.168.186 www.google.li
89.248.168.186 www.google.lv
89.248.168.186 www.google.ma
89.248.168.186 www.google.ms
89.248.168.186 www.google.mu
89.248.168.186 www.google.mw
89.248.168.186 www.google.nl
89.248.168.186 www.google.no
89.248.168.186 www.google.nr
89.248.168.186 www.google.nu
89.248.168.186 www.google.pl
89.248.168.186 www.google.pn
89.248.168.186 www.google.pt
89.248.168.186 www.google.ro
89.248.168.186 www.google.ru
89.248.168.186 www.google.rw
89.248.168.186 www.google.sc
89.248.168.186 www.google.se
89.248.168.186 www.google.sh
89.248.168.186 www.google.si
89.248.168.186 www.google.sm
89.248.168.186 www.google.sn
89.248.168.186 www.google.st
89.248.168.186 www.google.tl
89.248.168.186 www.google.tm
89.248.168.186 www.google.tt
89.248.168.186 www.google.us
89.248.168.186 www.google.vu
89.248.168.186 www.google.ws
89.248.168.186 www.google.co.ck
89.248.168.186 www.google.co.id
89.248.168.186 www.google.co.il
89.248.168.186 www.google.co.in
89.248.168.186 www.google.co.jp
89.248.168.186 www.google.co.kr
89.248.168.186 www.google.co.ls
89.248.168.186 www.google.co.ma
89.248.168.186 www.google.co.nz
89.248.168.186 www.google.co.tz
89.248.168.186 www.google.co.ug
89.248.168.186 www.google.co.uk
89.248.168.186 www.google.co.za
89.248.168.186 www.google.co.zm
89.248.168.186 www.google.com
89.248.168.186 www.google.com.af
89.248.168.186 www.google.com.ag
89.248.168.186 www.google.com.ar
89.248.168.186 www.google.com.au
89.248.168.186 www.google.com.bn
89.248.168.186 www.google.com.br
89.248.168.186 www.google.com.by
89.248.168.186 www.google.com.bz
89.248.168.186 www.google.com.cu
89.248.168.186 www.google.com.ec
89.248.168.186 www.google.com.fj
89.248.168.186 google.com
89.248.168.186 www.google.com
89.248.168.186 bing.com
89.248.168.186 www.bing.com
89.248.168.186 search.yahoo.com
89.248.168.186 www.search.yahoo.com
89.248.168.186 search.live.com
89.248.168.186 search.msn.com

Screenshots:

How to remove the infection of Live PC Care (Adware.Win32.LivePCCare)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

PC Live Guard Adware Removal Instructions

emsi — Tue, 08 Dec 2009 16:36:17 +0000

The Emsi Software malware research team has discoverd a new outbreak of the PC Live Guard adware. a-squared Anti-Malware detects this malware as Adware.Win32.PCLiveGuard.

PC Live Guard (hxxp://pcliveguard.com) is a fraud application that shows false warning messages and misleading scan results. Come from the following family: Live PC Care, Additional Guard, Enterprise Suite, System Defender, Windows Enterprise Defender, Windows PC Defender, etc. This adware create numerous junk files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

The main program will extract several files to (some name of the files and directory for this rogue are random):

%SystemRoot%\system32\COMMAND.COM
%SystemRoot%\system32\DOSX.EXE
%SystemRoot%\system32\HIMEM.SYS
%SystemRoot%\system32\MSCDEXNT.EXE
%SystemRoot%\system32\REDIR.EXE
%SystemRoot%\system32\drivers\etc\hosts
%AllUsersProfile%\Application Data\58969\PCLG.ico
%AllUsersProfile%\Application Data\58969\PCf4c.exe
%AllUsersProfile%\Application Data\PCOSOXTLLG\PCYKMWLG.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Live Guard.lnk
%UserProfile%\Application Data\PC Live Guard\Instructions.ini
%UserProfile%\Application Data\PC Live Guard\cookies.sqlite
%UserProfile%\Desktop\PC Live Guard.lnk
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\fix.drv
%UserProfile%\Recent\gid.exe
%UserProfile%\Recent\grid.dll
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\pal.exe
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\SICKBOY.sys
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\cb.drv
%UserProfile%\Start Menu\PC Live Guard.lnk
%UserProfile%\Start Menu\Programs\PC Live Guard.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\Classes\xp_a1147.DocHostUIHandler
HKEY_LOCAL_MACHINE\software\Classes\xp_a1147.DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “PC Live Guard”

This rogue application also changes the hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
93.174.89.11 google.ae
93.174.89.11 google.as
93.174.89.11 google.at
93.174.89.11 google.az
93.174.89.11 google.ba
93.174.89.11 google.be
93.174.89.11 google.bg
93.174.89.11 google.bs
93.174.89.11 google.ca
93.174.89.11 google.cd
93.174.89.11 google.com.gh
93.174.89.11 google.com.hk
93.174.89.11 google.com.jm
93.174.89.11 google.com.mx
93.174.89.11 google.com.my
93.174.89.11 google.com.na
93.174.89.11 google.com.nf
93.174.89.11 google.com.ng
93.174.89.11 google.ch
93.174.89.11 google.com.np
93.174.89.11 google.com.pr
93.174.89.11 google.com.qa
93.174.89.11 google.com.sg
93.174.89.11 google.com.tj
93.174.89.11 google.com.tw
93.174.89.11 google.dj
93.174.89.11 google.de
93.174.89.11 google.dk
93.174.89.11 google.dm
93.174.89.11 google.ee
93.174.89.11 google.fi
93.174.89.11 google.fm
93.174.89.11 google.fr
93.174.89.11 google.ge
93.174.89.11 google.gg
93.174.89.11 google.gm
93.174.89.11 google.gr
93.174.89.11 google.ht
93.174.89.11 google.ie
93.174.89.11 google.im
93.174.89.11 google.in
93.174.89.11 google.it
93.174.89.11 google.ki
93.174.89.11 google.la
93.174.89.11 google.li
93.174.89.11 google.lv
93.174.89.11 google.ma
93.174.89.11 google.ms
93.174.89.11 google.mu
93.174.89.11 google.mw
93.174.89.11 google.nl
93.174.89.11 google.no
93.174.89.11 google.nr
93.174.89.11 google.nu
93.174.89.11 google.pl
93.174.89.11 google.pn
93.174.89.11 google.pt
93.174.89.11 google.ro
93.174.89.11 google.ru
93.174.89.11 google.rw
93.174.89.11 google.sc
93.174.89.11 google.se
93.174.89.11 google.sh
93.174.89.11 google.si
93.174.89.11 google.sm
93.174.89.11 google.sn
93.174.89.11 google.st
93.174.89.11 google.tl
93.174.89.11 google.tm
93.174.89.11 google.tt
93.174.89.11 google.us
93.174.89.11 google.vu
93.174.89.11 google.ws
93.174.89.11 google.co.ck
93.174.89.11 google.co.id
93.174.89.11 google.co.il
93.174.89.11 google.co.in
93.174.89.11 google.co.jp
93.174.89.11 google.co.kr
93.174.89.11 google.co.ls
93.174.89.11 google.co.ma
93.174.89.11 google.co.nz
93.174.89.11 google.co.tz
93.174.89.11 google.co.ug
93.174.89.11 google.co.uk
93.174.89.11 google.co.za
93.174.89.11 google.co.zm
93.174.89.11 google.com
93.174.89.11 google.com.af
93.174.89.11 google.com.ag
93.174.89.11 google.com.ar
93.174.89.11 google.com.au
93.174.89.11 google.com.bn
93.174.89.11 google.com.br
93.174.89.11 google.com.by
93.174.89.11 google.com.bz
93.174.89.11 google.com.cu
93.174.89.11 google.com.ec
93.174.89.11 google.com.fj
93.174.89.11 www.google.ae
93.174.89.11 www.google.as
93.174.89.11 www.google.at
93.174.89.11 www.google.az
93.174.89.11 www.google.ba
93.174.89.11 www.google.be
93.174.89.11 www.google.bg
93.174.89.11 www.google.bs
93.174.89.11 www.google.ca
93.174.89.11 www.google.cd
93.174.89.11 www.google.com.gh
93.174.89.11 www.google.com.hk
93.174.89.11 www.google.com.jm
93.174.89.11 www.google.com.mx
93.174.89.11 www.google.com.my
93.174.89.11 www.google.com.na
93.174.89.11 www.google.com.nf
93.174.89.11 www.google.com.ng
93.174.89.11 www.google.ch
93.174.89.11 www.google.com.np
93.174.89.11 www.google.com.pr
93.174.89.11 www.google.com.qa
93.174.89.11 www.google.com.sg
93.174.89.11 www.google.com.tj
93.174.89.11 www.google.com.tw
93.174.89.11 www.google.dj
93.174.89.11 www.google.de
93.174.89.11 www.google.dk
93.174.89.11 www.google.dm
93.174.89.11 www.google.ee
93.174.89.11 www.google.fi
93.174.89.11 www.google.fm
93.174.89.11 www.google.fr
93.174.89.11 www.google.ge
93.174.89.11 www.google.gg
93.174.89.11 www.google.gm
93.174.89.11 www.google.gr
93.174.89.11 www.google.ht
93.174.89.11 www.google.ie
93.174.89.11 www.google.im
93.174.89.11 www.google.in
93.174.89.11 www.google.it
93.174.89.11 www.google.ki
93.174.89.11 www.google.la
93.174.89.11 www.google.li
93.174.89.11 www.google.lv
93.174.89.11 www.google.ma
93.174.89.11 www.google.ms
93.174.89.11 www.google.mu
93.174.89.11 www.google.mw
93.174.89.11 www.google.nl
93.174.89.11 www.google.no
93.174.89.11 www.google.nr
93.174.89.11 www.google.nu
93.174.89.11 www.google.pl
93.174.89.11 www.google.pn
93.174.89.11 www.google.pt
93.174.89.11 www.google.ro
93.174.89.11 www.google.ru
93.174.89.11 www.google.rw
93.174.89.11 www.google.sc
93.174.89.11 www.google.se
93.174.89.11 www.google.sh
93.174.89.11 www.google.si
93.174.89.11 www.google.sm
93.174.89.11 www.google.sn
93.174.89.11 www.google.st
93.174.89.11 www.google.tl
93.174.89.11 www.google.tm
93.174.89.11 www.google.tt
93.174.89.11 www.google.us
93.174.89.11 www.google.vu
93.174.89.11 www.google.ws
93.174.89.11 www.google.co.ck
93.174.89.11 www.google.co.id
93.174.89.11 www.google.co.il
93.174.89.11 www.google.co.in
93.174.89.11 www.google.co.jp
93.174.89.11 www.google.co.kr
93.174.89.11 www.google.co.ls
93.174.89.11 www.google.co.ma
93.174.89.11 www.google.co.nz
93.174.89.11 www.google.co.tz
93.174.89.11 www.google.co.ug
93.174.89.11 www.google.co.uk
93.174.89.11 www.google.co.za
93.174.89.11 www.google.co.zm
93.174.89.11 www.google.com
93.174.89.11 www.google.com.af
93.174.89.11 www.google.com.ag
93.174.89.11 www.google.com.ar
93.174.89.11 www.google.com.au
93.174.89.11 www.google.com.bn
93.174.89.11 www.google.com.br
93.174.89.11 www.google.com.by
93.174.89.11 www.google.com.bz
93.174.89.11 www.google.com.cu
93.174.89.11 www.google.com.ec
93.174.89.11 www.google.com.fj
93.174.89.11 google.com
93.174.89.11 www.google.com
93.174.89.11 bing.com
93.174.89.11 www.bing.com
93.174.89.11 search.yahoo.com
93.174.89.11 www.search.yahoo.com
93.174.89.11 search.live.com
93.174.89.11 search.msn.com

Screenshots:

How to remove the infection of PC Live Guard (Adware.Win32.PCLiveGuard)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AntiTroy Adware Removal Instructions

admin — Tue, 08 Dec 2009 17:11:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the AntiTroy adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntiTroy.

AntiTroy, come from antitroy.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of AntiTroy also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, AntiTroy will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\AntiTroy Software\AntiTroy\AntiTroy.exe
%ProgramFiles%\AntiTroy Software\AntiTroy\main_config.xml
%ProgramFiles%\AntiTroy Software\AntiTroy\uninstall.exe
%AllUsersProfile%\Desktop\AntiTroy.lnk
%AllUsersProfile%\Start Menu\Programs\AntiTroy\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\AntiTroy\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\AntiTroy\1 AntiTroy.lnk
%UserProfile%\Cookies\userdemo@antitroy[1].txt
%UserProfile%\Local Settings\Temp\nsg19.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE|\software\AntiTroy
HKEY_LOCAL_MACHINE|\software\microsoft\Windows\CurrentVersion\Uninstall\AntiTroy
HKEY_CURRENT_USER|\software\AntiTroy
HKEY_LOCAL_MACHINE|\software\microsoft\Windows\CurrentVersion\Run, “AntiTroy”
HKEY_CURRENT_USER|\software\Microsoft\Windows\CurrentVersion\Run, “AntiTroy.exe”
HKEY_CURRENT_USER|\software\Microsoft\Windows\CurrentVersion\Run, “AntiTroy”

Screenshots:

How to remove the infection of Adware.Win32.AntiTroy?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AntiKeep Adware Removal Instructions

admin — Thu, 03 Dec 2009 17:56:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the AntiKeep adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntiKeep.

AntiKeep, come from antikeep.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of AntiKeep also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, AntiKeep will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\AntiKeep Software\AntiKeep\uninstall.exe
%ProgramFiles%\AntiKeep Software\AntiKeep\AntiKeep.exe
%AllUsersProfile%\Desktop\AntiKeep.lnk
%AllUsersProfile%\Start Menu\Programs\AntiKeep\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\AntiKeep\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\AntiKeep\1 AntiKeep.lnk
%UserProfile%\Cookies\userdemo@antikeep[1].txt
%UserProfile%\Local Settings\Temp\nsr12.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\AntiKeep
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AntiKeep
HKEY_CURRENT_USER\software\AntiKeep
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “AntiKeep.exe”

Screenshots:

How to remove the infection of Adware.Win32.AntiKeep?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Personal Security Adware Removal Instructions

admin — Tue, 01 Dec 2009 17:49:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Personal Security adware. a-squared Anti-Malware detects this malware as Adware.Win32.PersonalSecurity.

Personal Security is a new rogue scanner program. It shows fake warning messages, shows misleading scan results, and fake security alerts, to convince the user that their computer infected with malware. The author of Personal Security also have made another rogue applications, such as Cyber Security and TotalSecurity. Additional, Personal Security will also install a new BHO (Browser Helper Objects) on the victim machine.

This rogue scanner also has the ability to avoid Virtual Machine, so, it won’t run on the virtual environments, and will displays fake error messages.

Once the installer file is clicked, it will immediately download other file from this address:

After installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files:

%ProgramFiles%\PSecurity\psecurity.exe
%ProgramFiles%\Common Files\PSecurityUninstall\Uninstall.lnk
%SystemRoot%\system32\win32extension.dll
%AllUsersProfile%\Start Menu\PSecurity\Help.lnk
%AllUsersProfile%\Start Menu\PSecurity\Personal Security.lnk
%AllUsersProfile%\Start Menu\PSecurity\Registration.lnk
%AllUsersProfile%\Start Menu\PSecurity\Security Center.lnk
%AllUsersProfile%\Start Menu\PSecurity\Settings.lnk
%AllUsersProfile%\Start Menu\PSecurity\Update.lnk
%AllUsersProfile%\Start Menu\PSecurity\Computer Scan.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk
%UserProfile%\Desktop\Personal Security.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\256537C7AD95AFE5C50084ABD7767AE9
HKEY_LOCAL_MACHINE\software\Classes\clsid\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\software\Classes\clsid\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\PSecurity
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “PSecurity”

Screenshots:

How to remove the infection of Adware.Win32.PersonalSecurity?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AntiAdd Adware Removal Instructions

admin — Tue, 01 Dec 2009 17:37:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the AntiAdd adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntiAdd.

AntiAdd, come from antiadd.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of AntiAdd also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, AntiAdd will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\AntiAdd Software\AntiAdd\AntiAdd.exe
%ProgramFiles%\AntiAdd Software\AntiAdd\uninstall.exe
%AllUsersProfile%\Desktop\AntiAdd.lnk
%AllUsersProfile%\Start Menu\Programs\AntiAdd\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\AntiAdd\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\AntiAdd\1 AntiAdd.lnk
%UserProfile%\Cookies\userdemo@antiadd[1].txt
%UserProfile%\Local Settings\Temp\nsc2.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\AntiAdd
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AntiAdd
HKEY_CURRENT_USER\software\AntiAdd

Screenshots:

How to remove the infection of Adware.Win32.AntiAdd?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

FakeAntivir Adware Removal Instructions

admin — Tue, 01 Dec 2009 06:12:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the FakeAntivir adware. a-squared Anti-Malware detects this malware as Adware.Win32.FakeAntivir.

FakeAntivir is an new rogue scanner program named “Antivir”. It shows fake warning messages, shows misleading scan results, and fake security alerts to convince the user that their computer infected with malware. This rogue scanner has the ability to avoid Virtual Machine, so, it won’t run on the virtual environments, and will displays fake error messages.

Once the installer file is clicked, it will immediately download other file from this address:

hxxp://winupdateserver2.com

Create new files:

%ProgramFiles%\AV\antivir.exe
%ProgramFiles%\Common Files\Uninstall\AV\Uninstall.lnk
%SystemRoot%\system32\UpdateCheck.dll
%AllUsersProfile%\Start Menu\AV\Antivir.lnk
%AllUsersProfile%\Start Menu\AV\Uninstall.lnk
%UserProfile%\Desktop\Antivir.lnk

Create new registry entry:

HKEY_CURRENT_USER\software\EVA50C

Screenshots:

How to remove the infection of Adware.Win32.FakeAntivir?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

RESpyWare Adware Removal Instructions

admin — Fri, 27 Nov 2009 20:46:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the RESpyWare adware. a-squared Anti-Malware detects this malware as Adware.Win32.RESpyWare.

RESpyWare, come from respyware.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of RESpyWare also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, RESpyWare will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\RESpyWare Software\RESpyWare\RESpyWare.exe
%ProgramFiles%\RESpyWare Software\RESpyWare\uninstall.exe
%AllUsersProfile%\Desktop\RESpyWare.lnk
%AllUsersProfile%\Start Menu\Programs\RESpyWare\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\RESpyWare\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\RESpyWare\1 RESpyWare.lnk
%UserProfile%\Cookies\userdemo@respyware[1].txt
%UserProfile%\Local Settings\Temp\nsk1A.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RESpyWare
HKEY_LOCAL_MACHINE\software\RESpyWare
HKEY_CURRENT_USER\software\RESpyWare
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “RESpyWare.exe”

Screenshots:

How to remove the infection of Adware.Win32.RESpyWare?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

REAnti Adware Removal Instructions

admin — Thu, 26 Nov 2009 17:16:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the REAnti adware. a-squared Anti-Malware detects this malware as Adware.Win32.REAnti.

REAnti, come from reanti.com, is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author of REAnti also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, REAnti will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\REAnti Software\REAnti\REAnti.exe
%ProgramFiles%\REAnti Software\REAnti\uninstall.exe
%AllUsersProfile%\Desktop\REAnti.lnk
%AllUsersProfile%\Start Menu\Programs\REAnti\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\REAnti\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\REAnti\1 REAnti.lnk
%UserProfile%\Cookies\userdemo@reanti[1].txt
%UserProfile%\Local Settings\Temp\nsr3.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\REAnti
HKEY_LOCAL_MACHINE\software\REAnti
HKEY_CURRENT_USER\software\REAnti
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “REAnti.exe”

Screenshots:

How to remove the infection of Adware.Win32.REAnti?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Additional Guard Adware Removal Instructions

emsi — Wed, 25 Nov 2009 18:52:10 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Additional Guard adware. a-squared Anti-Malware detects this malware as Adware.Win32.AdditionalGuard.

Additional Guard (hxxp://www.additional-guard.com) is a fraud application that shows false warning messages and misleading scan results. Come from the following family: Live PC Care, Enterprise Suite, System Defender, Windows Enterprise Defender, Windows PC Defender, etc. This adware create numerous junk files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

The main program will extract several files to (some name of the files and directory for this rogue are random):

%SystemRoot%\system32\drivers\etc\hosts
%AllUsersProfile%\Application Data\58969\WIf4c.exe
%AllUsersProfile%\Application Data\58969\WINAG.ico
%AllUsersProfile%\Application Data\WINAGSys\winag.cfg
%UserProfile%\Application Data\Additional Guard\cookies.sqlite
%UserProfile%\Application Data\Additional Guard\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk
%UserProfile%\Desktop\Additional Guard.lnk
%UserProfile%\Recent\grid.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\sld.dll
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\cid.sys
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\DBOLE.dll
%UserProfile%\Recent\DBOLE.drv
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.drv
%UserProfile%\Recent\exec.drv
%UserProfile%\Start Menu\Additional Guard.lnk
%UserProfile%\Start Menu\Programs\Additional Guard.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\Classes\Setup.DocHostUIHandler
HKEY_LOCAL_MACHINE\software\Classes\Setup.DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Additional Guard”

This rogue application also changes the hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
89.248.168.186 google.ae
89.248.168.186 google.as
89.248.168.186 google.at
89.248.168.186 google.az
89.248.168.186 google.ba
89.248.168.186 google.be
89.248.168.186 google.bg
89.248.168.186 google.bs
89.248.168.186 google.ca
89.248.168.186 google.cd
89.248.168.186 google.com.gh
89.248.168.186 google.com.hk
89.248.168.186 google.com.jm
89.248.168.186 google.com.mx
89.248.168.186 google.com.my
89.248.168.186 google.com.na
89.248.168.186 google.com.nf
89.248.168.186 google.com.ng
89.248.168.186 google.ch
89.248.168.186 google.com.np
89.248.168.186 google.com.pr
89.248.168.186 google.com.qa
89.248.168.186 google.com.sg
89.248.168.186 google.com.tj
89.248.168.186 google.com.tw
89.248.168.186 google.dj
89.248.168.186 google.de
89.248.168.186 google.dk
89.248.168.186 google.dm
89.248.168.186 google.ee
89.248.168.186 google.fi
89.248.168.186 google.fm
89.248.168.186 google.fr
89.248.168.186 google.ge
89.248.168.186 google.gg
89.248.168.186 google.gm
89.248.168.186 google.gr
89.248.168.186 google.ht
89.248.168.186 google.ie
89.248.168.186 google.im
89.248.168.186 google.in
89.248.168.186 google.it
89.248.168.186 google.ki
89.248.168.186 google.la
89.248.168.186 google.li
89.248.168.186 google.lv
89.248.168.186 google.ma
89.248.168.186 google.ms
89.248.168.186 google.mu
89.248.168.186 google.mw
89.248.168.186 google.nl
89.248.168.186 google.no
89.248.168.186 google.nr
89.248.168.186 google.nu
89.248.168.186 google.pl
89.248.168.186 google.pn
89.248.168.186 google.pt
89.248.168.186 google.ro
89.248.168.186 google.ru
89.248.168.186 google.rw
89.248.168.186 google.sc
89.248.168.186 google.se
89.248.168.186 google.sh
89.248.168.186 google.si
89.248.168.186 google.sm
89.248.168.186 google.sn
89.248.168.186 google.st
89.248.168.186 google.tl
89.248.168.186 google.tm
89.248.168.186 google.tt
89.248.168.186 google.us
89.248.168.186 google.vu
89.248.168.186 google.ws
89.248.168.186 google.co.ck
89.248.168.186 google.co.id
89.248.168.186 google.co.il
89.248.168.186 google.co.in
89.248.168.186 google.co.jp
89.248.168.186 google.co.kr
89.248.168.186 google.co.ls
89.248.168.186 google.co.ma
89.248.168.186 google.co.nz
89.248.168.186 google.co.tz
89.248.168.186 google.co.ug
89.248.168.186 google.co.uk
89.248.168.186 google.co.za
89.248.168.186 google.co.zm
89.248.168.186 google.com
89.248.168.186 google.com.af
89.248.168.186 google.com.ag
89.248.168.186 google.com.ar
89.248.168.186 google.com.au
89.248.168.186 google.com.bn
89.248.168.186 google.com.br
89.248.168.186 google.com.by
89.248.168.186 google.com.bz
89.248.168.186 google.com.cu
89.248.168.186 google.com.ec
89.248.168.186 google.com.fj
89.248.168.186 www.google.ae
89.248.168.186 www.google.as
89.248.168.186 www.google.at
89.248.168.186 www.google.az
89.248.168.186 www.google.ba
89.248.168.186 www.google.be
89.248.168.186 www.google.bg
89.248.168.186 www.google.bs
89.248.168.186 www.google.ca
89.248.168.186 www.google.cd
89.248.168.186 www.google.com.gh
89.248.168.186 www.google.com.hk
89.248.168.186 www.google.com.jm
89.248.168.186 www.google.com.mx
89.248.168.186 www.google.com.my
89.248.168.186 www.google.com.na
89.248.168.186 www.google.com.nf
89.248.168.186 www.google.com.ng
89.248.168.186 www.google.ch
89.248.168.186 www.google.com.np
89.248.168.186 www.google.com.pr
89.248.168.186 www.google.com.qa
89.248.168.186 www.google.com.sg
89.248.168.186 www.google.com.tj
89.248.168.186 www.google.com.tw
89.248.168.186 www.google.dj
89.248.168.186 www.google.de
89.248.168.186 www.google.dk
89.248.168.186 www.google.dm
89.248.168.186 www.google.ee
89.248.168.186 www.google.fi
89.248.168.186 www.google.fm
89.248.168.186 www.google.fr
89.248.168.186 www.google.ge
89.248.168.186 www.google.gg
89.248.168.186 www.google.gm
89.248.168.186 www.google.gr
89.248.168.186 www.google.ht
89.248.168.186 www.google.ie
89.248.168.186 www.google.im
89.248.168.186 www.google.in
89.248.168.186 www.google.it
89.248.168.186 www.google.ki
89.248.168.186 www.google.la
89.248.168.186 www.google.li
89.248.168.186 www.google.lv
89.248.168.186 www.google.ma
89.248.168.186 www.google.ms
89.248.168.186 www.google.mu
89.248.168.186 www.google.mw
89.248.168.186 www.google.nl
89.248.168.186 www.google.no
89.248.168.186 www.google.nr
89.248.168.186 www.google.nu
89.248.168.186 www.google.pl
89.248.168.186 www.google.pn
89.248.168.186 www.google.pt
89.248.168.186 www.google.ro
89.248.168.186 www.google.ru
89.248.168.186 www.google.rw
89.248.168.186 www.google.sc
89.248.168.186 www.google.se
89.248.168.186 www.google.sh
89.248.168.186 www.google.si
89.248.168.186 www.google.sm
89.248.168.186 www.google.sn
89.248.168.186 www.google.st
89.248.168.186 www.google.tl
89.248.168.186 www.google.tm
89.248.168.186 www.google.tt
89.248.168.186 www.google.us
89.248.168.186 www.google.vu
89.248.168.186 www.google.ws
89.248.168.186 www.google.co.ck
89.248.168.186 www.google.co.id
89.248.168.186 www.google.co.il
89.248.168.186 www.google.co.in
89.248.168.186 www.google.co.jp
89.248.168.186 www.google.co.kr
89.248.168.186 www.google.co.ls
89.248.168.186 www.google.co.ma
89.248.168.186 www.google.co.nz
89.248.168.186 www.google.co.tz
89.248.168.186 www.google.co.ug
89.248.168.186 www.google.co.uk
89.248.168.186 www.google.co.za
89.248.168.186 www.google.co.zm
89.248.168.186 www.google.com
89.248.168.186 www.google.com.af
89.248.168.186 www.google.com.ag
89.248.168.186 www.google.com.ar
89.248.168.186 www.google.com.au
89.248.168.186 www.google.com.bn
89.248.168.186 www.google.com.br
89.248.168.186 www.google.com.by
89.248.168.186 www.google.com.bz
89.248.168.186 www.google.com.cu
89.248.168.186 www.google.com.ec
89.248.168.186 www.google.com.fj
89.248.168.186 google.com
89.248.168.186 www.google.com
89.248.168.186 bing.com
89.248.168.186 www.bing.com
89.248.168.186 search.yahoo.com
89.248.168.186 www.search.yahoo.com
89.248.168.186 search.live.com
89.248.168.186 search.msn.com

Screenshots:

How to remove the infection of Additional Guard (Adware.Win32.AdditionalGuard)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

KeepCop Adware Removal Instructions

admin — Wed, 25 Nov 2009 19:16:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the KeepCop adware. a-squared Anti-Malware detects this malware as Adware.Win32.KeepCop.

KeepCop is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author KeepCop also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, KeepCop will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\KeepCop Software\KeepCop\KeepCop.exe
%ProgramFiles%\KeepCop Software\KeepCop\uninstall.exe
%AllUsersProfile%\Desktop\KeepCop.lnk
%AllUsersProfile%\Start Menu\Programs\KeepCop\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\KeepCop\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\KeepCop\1 KeepCop.lnk
%UserProfile%\Cookies\userdemo@keepcop[1].txt
%UserProfile%\Local Settings\Temp\nsk2.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\KeepCop
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\KeepCop
HKEY_CURRENT_USER\software\KeepCop
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “KeepCop”

Screenshots:

How to remove the infection of Adware.Win32.KeepCop?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Malware Professional Adware Removal Instructions

admin — Tue, 24 Nov 2009 19:15:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Malware Professional adware. a-squared Anti-Malware detects this malware as Adware.Win32.MalwareProfessional.

Malware Professional is a rogue scanner program. Once installed, this application will be immediately perform scan action without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money.

Create new files:

%ProgramFiles%\Malware Professional\noadware4_021709.na
%ProgramFiles%\Malware Professional\nutilities.dll
%ProgramFiles%\Malware Professional\unins000.dat
%ProgramFiles%\Malware Professional\unins000.exe
%ProgramFiles%\Malware Professional\UninstlDll.dll
%ProgramFiles%\Malware Professional\Malware Professional.exe
%AllUsersProfile%\Start Menu\Programs\Malware Professional\Uninstall Malware Professional .lnk
%AllUsersProfile%\Start Menu\Programs\Malware Professional\Malware Professional .lnk
%UserProfile%\Desktop\Malware Professional.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Malware Professional 5.0_is1
HKEY_CURRENT_USER\software\Malware Professional

Screenshots:

How to remove the infection of Adware.Win32.MalwareProfessional?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SecureKeeper Adware Removal Instructions

admin — Thu, 19 Nov 2009 19:03:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SecureKeeper adware. a-squared Anti-Malware detects this malware as Adware.Win32.SecureKeeper.

SecureKeeper is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author SecureKeeper also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, SecureKeeper will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\SecureKeeper Software\SecureKeeper\SecureKeeper.exe
%ProgramFiles%\SecureKeeper Software\SecureKeeper\uninstall.exe
%AllUsersProfile%\Desktop\SecureKeeper.lnk
%AllUsersProfile%\Start Menu\Programs\SecureKeeper\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SecureKeeper\3 Uninstall.lnk
%AllUsersProfile%\Start Menu\Programs\SecureKeeper\1 SecureKeeper.lnk
%UserProfile%\Cookies\user@securekeeper[1].txt
%UserProfile%\Local Settings\Temp\nsk18.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SecureKeeper
HKEY_LOCAL_MACHINE\software\SecureKeeper
HKEY_CURRENT_USER\software\SecureKeeper
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SecureKeeper”

Screenshots:

How to remove the infection of Adware.Win32.SecureKeeper?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SiteVillain Adware Removal Instructions

admin — Tue, 17 Nov 2009 19:28:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the SiteVillain adware. a-squared Anti-Malware detects this malware as Adware.Win32.SiteVillain.

SiteVillain is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author SiteVillain also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, SiteVillain will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\SiteVillain Software\SiteVillain\SiteVillain.exe
%ProgramFiles%\SiteVillain Software\SiteVillain\uninstall.exe
%AllUsersProfile%\Desktop\SiteVillain.lnk
%AllUsersProfile%\Start Menu\Programs\SiteVillain\1 SiteVillain.lnk
%AllUsersProfile%\Start Menu\Programs\SiteVillain\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\SiteVillain\3 Uninstall.lnk
%UserProfile%\Cookies\virus demo@sitevillain[1].txt
%UserProfile%\Local Settings\Temp\nsh11.tmp\nsProcess.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SiteVillain
HKEY_LOCAL_MACHINE\software\SiteVillain
HKEY_CURRENT_USER\software\SiteVillain
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SiteVillain”

Screenshots:

How to remove the infection of Adware.Win32.SiteVillain?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Personal Protector Adware Removal Instructions

admin — Tue, 17 Nov 2009 18:49:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Personal Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.PersonalProtector.

Personal Protector is a rogue scanner program. Once you click the setup file, the application will be immediately installed and scan without prior notice. This fake scanner application tries to trick you by displaying misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you buy this fraud application. Be careful with this program, because it not going to protect your computer but will only spend your money. Additionally, on the computers that are already infected, Personal Protector will be running automatically when starting Windows.

Create new files:

%ProgramFiles%\Personal Protector\baseadd.wdb
%ProgramFiles%\Personal Protector\conf.wcf
%ProgramFiles%\Personal Protector\personalprotector.exe
%ProgramFiles%\Personal Protector\quarant.wdb
%ProgramFiles%\Personal Protector\queue.wdb
%ProgramFiles%\Personal Protector\un.exe
%ProgramFiles%\Personal Protector\base.wdb
%SystemRoot%\tempfile2.bat
%AllUsersProfile%\Microsoft PData\inetprovider.dll
%UserProfile%\Desktop\Personal Protector.lnk
%UserProfile%\Start Menu\Programs\Personal Protector\Personal Protector.lnk
%UserProfile%\Start Menu\Programs\Personal Protector\Uninstall.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Personal Protector
HKEY_LOCAL_MACHINE\software\Personal Protector
HKEY_LOCAL_MACHINE\software\Personal Protector\Soft
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “personalprotector”
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\RunOnce, “suicide”

Screenshots:

How to remove the infection of Adware.Win32.PersonalProtector?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

LinkSafeness Adware Removal Instructions

admin — Tue, 17 Nov 2009 18:33:00 +0000

The Emsi Software malware research team has discoverd a new outbreak of the LinkSafeness adware. a-squared Anti-Malware detects this malware as Adware.Win32.LinkSafeness.

LinkSafeness is a rogue scanner program, it shows a fake security center window, shows misleading scan results and fake security alerts. The author LinkSafeness also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, LinkSafeness will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\LinkSafeness Software\LinkSafeness\LinkSafeness.exe
%ProgramFiles%\LinkSafeness Software\LinkSafeness\uninstall.exe
%AllUsersProfile%\Desktop\LinkSafeness.lnk
%AllUsersProfile%\Start Menu\Programs\LinkSafeness\1 LinkSafeness.lnk
%AllUsersProfile%\Start Menu\Programs\LinkSafeness\2 Homepage.lnk
%AllUsersProfile%\Start Menu\Programs\LinkSafeness\3 Uninstall.lnk
%UserProfile%\Cookies\user@linksafeness[2].txt
%UserProfile%\Local Settings\Temp\t5bgc2co
%UserProfile%\Local Settings\Temp\t5bgc2co.exe
%UserProfile%\Local Settings\Temp\nscC.tmp\nsProcess.dll
%UserProfile%\Local Settings\Temp\nsqA.tmp\time.dll
%UserProfile%\Local Settings\Temp\nsr8.tmp\time.dll

Create new registry entries:

HKEY_LOCAL_MACHINE\software\LinkSafeness
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\LinkSafeness
HKEY_CURRENT_USER\software\LinkSafeness
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “LinkSafeness”

Screenshots:

How to remove the infection of Adware.Win32.LinkSafeness?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Warning of the new Russian Connection: Million dollar hoax from the Kremlin!

admin — Tue, 17 Nov 2009 13:18:00 +0000

Who doesn’t want to be a millionaire? The so-called “Nigeria Connection” takes advantage of such dreams and has been making good money for years with pumped-up emails. The security software development specialists Emsi Software are now warning of a new “Russian Connection”. The millions are now being promised from the Kremlin.

What is the Nigeria Connection?

Since 1988, large numbers of emails have been sent over the whole world, mostly from Nigeria. The tone of these mails is always the same: Someone has “found” a few million dollars lying in an orphaned bank account and is looking for a partner willing to make their bank account available for transferring the money out of the country. The account holder is offered a commission of up to 10 percent for their help.

With several million dollars, this commission is naturally worth the effort. This temptation has resulted in many users falling for this trick offer. Anyone taking up this offer without considering the illegal money-laundering nature of the whole process will not become rich but rather cleaned out. The victims must always first front up with a few thousand dollars – for expenses, bribes, documents. In the end it is always the same – no money, just expenses.

Christian Mairoll, the General Manager of Emsi Software GmbH, says: “When an email offer sounds too good to be true, then it is definitely not true.”

Emsi Software warns of the “Russian Connection”

Same approach, different source. Emsi Software warns of the first mails from the newly established “Russian Connection”. The mails currently in circulation claim to come from Russia – directly from Moscow and Kremlin circles, where millions are in fact invested in oil, heavy industry and other raw materials.

Christian Mairoll says: “The Russians are not taking half measures. In the mails we have seen, up to 52 million Euros are to be smuggled out of the country. Anyone willing to allow their bank account to be used for this is promised a commission of 8 percent. Since a warning is always necessary, we therefore provide the following warning: This is a hoax and completely fraudulent. Anyone answering this type of mail is immediately asked for payment for non-existent expenses. Any and all such mails from the “Russian Connection” must be immediately deleted.”

Example of a “Russian Connection” email

Good Day,
I am Andrei Raz***hov, I have a business brief which might interest you on the instruction of a business tycoon in Moscow whose business interest spans crude oil refining, mining, construction, real estate and tourism.

Over the past years the policies of the Kremlin has not been favorable towards his business and more importantly towards his person who seem to have a different political view from that of the Kremlin. Without boring you with politics of Russia, I will go straight to the point to ask for your cooperation to discreetly re-profile funds worth 52.2 Million euro own by this business tycoon from its present location via a bank in eastern Europe to a new investment location.

You will be paid 8% for your ‘management consultancy fees’, if we are able to reach terms. If you are interested, please write back to my senior colleague Mr. Andrev Sl**vik at **** and provide your telephone number and private e-mail address and he will provide further details.

Write back, we wait for your response.
Regards,
Andrei Raz***hov

A new hobby: Bother crooks

There is not much you can do about such scams, because still many users believe these emails. Some creative minds in the Web, however, thought that if we can not stop this nonsense, then at least we can try to steal the fraudsters as much time as possible to ensure that they don’t spend too much time on other victims. There are some very entertaining projects such as www.419eater.com und www.thescambaiter.com where you can find lots of funny stories and hall of shame picture galleries.

Article from a-squared Knowledgebase

Enterprise Suite Adware Removal Instructions

emsi — Mon, 16 Nov 2009 17:36:53 +0000

The Emsi Software malware research team has discoverd a new outbreak of the Enterprise Suite adware. a-squared Anti-Malware detects this malware as Adware.Win32.EnterpriseSuite.

Enterprise Suite is a fraud application that shows false warning messages and misleading scan results. Come from the following family: Additional Guard, PC Live Guard, Live PC Care, Additional Guard, Enterprise Suite, System Defender, Windows Enterprise Defender, Windows PC Defender, etc. This adware create numerous junk files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

Create new files:

%SystemRoot%\system32\COMMAND.COM
%SystemRoot%\system32\DOSX.EXE
%SystemRoot%\system32\HIMEM.SYS
%SystemRoot%\system32\MSCDEXNT.EXE
%SystemRoot%\system32\REDIR.EXE
%SystemRoot%\system32\drivers\etc\hosts
%SystemRoot%\system32\WBEM\Logs\mofcomp.log
%SystemRoot%\system32\WBEM\Logs\wbemprox.log
%AllUsersProfile%\Application Data\58969\WEf4c.exe
%AllUsersProfile%\Application Data\58969\WES.ico
%AllUsersProfile%\Application Data\WESSys\wes.cfg
%UserProfile%\Application Data\Enterprise Suite\cookies.sqlite
%UserProfile%\Application Data\Enterprise Suite\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Enterprise Suite.lnk
%UserProfile%\Desktop\322.mof
%UserProfile%\Desktop\Enterprise Suite.lnk
%UserProfile%\Desktop\mozcrt19.dll
%UserProfile%\Desktop\sqlite3.dll
%UserProfile%\Desktop\WESSys\vd952342.bd
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cb.tmp
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\delfile.tmp
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\eb.drv
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\gid.sys
%UserProfile%\Recent\hymt.tmp
%UserProfile%\Recent\pal.drv
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\tjd.exe
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\Enterprise Suite.lnk
%UserProfile%\Start Menu\Programs\Enterprise Suite.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\Classes\xp_487c8.DocHostUIHandler
HKEY_LOCAL_MACHINE\software\Classes\xp_487c8.DocHostUIHandler\Clsid
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Enterprise Suite”

Screenshots:

How to remove the infection of Enterprise Suite (Adware.Win32.EnterpriseSuite)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Control Center Adware Removal Instructions

admin — Mon, 16 Nov 2009 17:57:00 +0000

The Emsi Software malware research team has discoverd a new outbreak for the Control Center adware. a-squared Anti-Malware detect this malware as Adware.Win32.ControlCenter.

Control Center is a rogue application. It uses the misleading promotional methods to deceive their victims so willing to buy the program. When this application scan your computer, Control Center will shows you misleading scan results, but you will not be able to remove them until you purchase this fake application. And also, once installed, it will start automatically when starting Windows.

Create new files:

%UserProfile%\Application Data\CC\agent.exe
%UserProfile%\Application Data\CC\cc.exe
%UserProfile%\Application Data\CC\settings.ini
%UserProfile%\Application Data\CC\uninstall.exe
%UserProfile%\Application Data\CC\faq\guide.html
%UserProfile%\Application Data\CC\faq\images\05.png
%UserProfile%\Application Data\CC\faq\images\06.png
%UserProfile%\Application Data\CC\faq\images\07.png
%UserProfile%\Application Data\CC\faq\images\08.png
%UserProfile%\Application Data\CC\faq\images\09.png
%UserProfile%\Application Data\CC\faq\images\10.png
%UserProfile%\Desktop\Control center.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Control center
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “agent.exe”

Screenshots:

How to remove the infection of Adware.Win32.ControlCenter?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Emsisoft New Malware Blog

Antivir Solution Pro Adware Removal Instructions

Related Posts:

AntivirusGT Adware Removal Instructions

Related Posts:

Defense Center Adware Removal Instructions

Related Posts:

AV Security Suite Adware Removal Instructions

Related Posts:

Protection Center Adware Removal Instructions

Related Posts:

SysAntivirus Adware Removal Instructions

Related Posts:

Security Master AV Adware Removal Instructions

Related Posts:

Win Antispyware Center Adware Removal Instructions

Related Posts:

XJR Antivirus Adware Removal Instructions

Related Posts:

ByteDefender Adware Removal Instructions

Related Posts:

FakeCopyright Adware Removal Instructions

Related Posts:

Data Protection Adware Removal Instructions

Related Posts:

FakeSecurityEssentials Adware Removal Instructions

Related Posts:

RTS Antivirus 2010 Pro Adware Removal Instructions

Related Posts:

AKM Antivirus 2010 Pro Adware Removal Instructions

Related Posts:

PCommander Adware Removal Instructions

Related Posts:

A-fast Antivirus Adware Removal Instructions

Related Posts:

ACommander Adware Removal Instructions

Related Posts:

My Security Engine Adware Removal Instructions

Related Posts:

Digital Protection Adware Removal Instructions

Related Posts:

Antivirus Suite Adware Removal Instructions

Related Posts:

Control Components Adware Removal Instructions

Related Posts:

Antimalware Doctor Adware Removal Instructions

Related Posts:

Your Protection Adware Removal Instructions

Related Posts:

User Antivirus 2010 Adware Removal Instructions

Related Posts:

User Protection Adware Removal Instructions

Related Posts:

CleanUP Antivirus Adware Removal Instructions

Related Posts:

SystemIron Adware Removal Instructions

Related Posts:

Antivirus7 Adware Removal Instructions

Related Posts:

Smart Security Adware Removal Instructions

Related Posts:

Virus Protector Adware Removal Instructions

Related Posts:

Dr. Guard Adware Removal Instructions

Related Posts:

PC Defender Adware Removal Instructions

Related Posts:

Your PC Protector Adware Removal Instructions

Related Posts:

Desktop Security 2010 Adware Removal Instructions

Related Posts:

XP Micro Antivirus Adware Removal Instructions

Related Posts:

Security Essentials 2010 Adware Removal Instructions

Related Posts:

Security Antivirus Adware Removal Instructions

Related Posts:

XP Antivirus Pro 2010 Adware Removal Instructions

Related Posts:

SecurePcAv Adware Removal Instructions