Emsisoft New Malware Blog

Windows Pro Safety Release Rogue Removal Instructions

emsi — Fri, 18 May 2012 11:54:22 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Pro Safety Release. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProSafetyRelease.

Windows Pro Safety Release is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Pro Safety Release.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Pro Safety Release.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Pro Safety Release (Rogue.Win32.WindowsProSafetyRelease)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Safeguard Upgrade Rogue Removal Instructions

emsi — Thu, 17 May 2012 09:38:08 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Safeguard Upgrade. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSafeguardUpgrade.

Windows Safeguard Upgrade is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Safeguard Upgrade.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Safeguard Upgrade.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Safeguard Upgrade (Rogue.Win32.WindowsSafeguardUpgrade)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Secure Surfer Rogue Removal Instructions

emsi — Mon, 14 May 2012 02:21:08 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Secure Surfer. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSecureSurfer.

Windows Secure Surfer is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Secure Surfer.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Secure Surfer.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Secure Surfer (Rogue.Win32.WindowsSecureSurfer)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Be-on Guard Edition Rogue Removal Instructions

emsi — Sun, 13 May 2012 03:36:59 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Be-on Guard Edition. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsBeOnGuardEdition.

Windows Be-on Guard Edition is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Be-on-Guard Edition.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Be-on-Guard Edition.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Be-on Guard Edition (Rogue.Win32.WindowsBeOnGuardEdition)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Abnormality Checker Rogue Removal Instructions

emsi — Fri, 11 May 2012 08:37:09 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Abnormality Checker. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAbnormalityChecker.

Windows Abnormality Checker is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Abnormality Checker.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Abnormality Checker.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Abnormality Checker (Rogue.Win32.WindowsAbnormalityChecker)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Pro Solutions Rogue Removal Instructions

emsi — Thu, 10 May 2012 10:53:00 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Pro Solutions. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProSolutions.

Windows Pro Solutions is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Pro Solutions.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Pro Solutions.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Pro Solutions (Rogue.Win32.WindowsProSolutions)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Sleek Performance Rogue Removal Instructions

emsi — Wed, 09 May 2012 11:26:37 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Sleek Performance. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSleekPerformance.

Windows Sleek Performance is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Sleek Performance.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Sleek Performance.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Sleek Performance (Rogue.Win32.WindowsSleekPerformance)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows ProSecurity Scanner Rogue Removal Instructions

emsi — Tue, 08 May 2012 11:24:42 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows ProSecurity Scanner. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProSecurityScanner.

Windows ProSecurity Scanner is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows ProSecurity Scanner.lnk
%AllUsersProfile%\Start Menu\Programs\Windows ProSecurity Scanner.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows ProSecurity Scanner (Rogue.Win32.WindowsProSecurityScanner)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Total Anti Malware Protection Rogue Removal Instructions

emsi — Mon, 07 May 2012 09:00:27 +0000

The Emsisoft malware research team has discovered a new outbreak of the Total Anti Malware Protection. Emsisoft Anti-Malware detects this malware as Rogue.Win32.TotalAntiMalwareProtection.

Total Anti Malware Protection is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\2a967e\
%AllUsersProfile%\Application Data\2a967e\TAMPSys\
%AllUsersProfile%\Application Data\2a967e\BackUp\
%AllUsersProfile%\Application Data\2a967e\Quarantine Items\
%AllUsersProfile%\Application Data\2a967e\84.mof
%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe
%AllUsersProfile%\Application Data\2a967e\TAMP.ico
%AllUsersProfile%\Application Data\TANAMNGQMP\
%AllUsersProfile%\Application Data\TANAMNGQMP\TASGMP.cfg
%AppData%\Total Anti Malware Protection\
%AppData%\Microsoft\Internet Explorer\Quick Launch\Total Anti Malware Protection.lnk
%UserProfile%\Desktop\Total Anti Malware Protection.lnk
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fan.exe
%UserProfile%\Recent\hymt.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Start Menu\Total Anti Malware Protection.lnk
%UserProfile%\Start Menu\Programs\Total Anti Malware Protection.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\TAe0e_8011.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe
ProgID = TAe0e_8011.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Total Anti Malware Protection = “%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe” /s /d

HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=8001&q={searchTerms}

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
MSCompatibilityMode = 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures = no
RunInvalidSignatures = 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
IIL = 0×00000000
ltHI = 0×00000000
ltTST =0x00005f9f
PRS = ”http://127.0.0.1:27777/?inj=%ORIGINAL%”
RGF =0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=8001&q={searchTerms}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MigrateProxy = 0×00000001
ProxyEnable = 0×00000000
UID = “8001″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyByPass = 0×00000001
IntranetName = 0×00000001
UNCAsIntranet = 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Total Anti Malware Protection
DisplayName = “Total Anti Malware Protection”
DisplayIcon = “%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe,0″
DisplayVersion = “1.1.0.1010″
InstallLocation = “%AllUsersProfile%\Application Data\2a967e\”
Publisher = “UIS Inc.”
UninstallString = “%AllUsersProfile%\Application Data\2a967e\TAe0e_8011.exe” /del”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
Debugger = “svchost.exe”

many similar entries…

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

U2FD-S2LA-H4KA-UEPB

How to remove the infection of Total Anti Malware Protection (Rogue.Win32.TotalAntiMalwareProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Best Antivirus Software Rogue Removal Instructions

emsi — Mon, 07 May 2012 07:53:40 +0000

The Emsisoft malware research team has discovered a new outbreak of the Best Antivirus Software. Emsisoft Anti-Malware detects this malware as Rogue.Win32.BestAntivirusSoftware.

Best Antivirus Software is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\2a967e\
%AllUsersProfile%\Application Data\2a967e\Quarantine Items\
%AllUsersProfile%\Application Data\2a967e\BackUp\
%AllUsersProfile%\Application Data\2a967e\BASSys\
%AllUsersProfile%\Application Data\2a967e\22.mof
%AllUsersProfile%\Application Data\2a967e\BA2a9_8001.exe
%AllUsersProfile%\Application Data\2a967e\BAS.ico
%AllUsersProfile%\Application Data\2a967e\bestantivirus.exe
%AllUsersProfile%\Application Data\BASVS\
%AllUsersProfile%\Application Data\BASVS\BAYZS.cfg
%AppData%\Best Antivirus Software\
%AppData%\Microsoft\Internet Explorer\Quick Launch\Best Antivirus Software.lnk
%UserProfile%\Desktop\Best Antivirus Software.lnk
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\dudl.drv
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\fan.exe
%UserProfile%\Recent\fix.dll
%UserProfile%\Recent\gid.dll
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\snl2w.tmp
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Recent\cb.drv
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Start Menu\Best Antivirus Software.lnk
%UserProfile%\Start Menu\Programs\Best Antivirus Software.lnk
%Temp%\scandsk211d_8001.exe

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\BA2a9_8001.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\2a967e\BA2a9_8001.exe
ProgID = BA2a9_8001.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
BAS = “%AllUsersProfile%\Application Data\2a967e\BA2a9_8001.exe” /s
Best Antivirus Software = “%AllUsersProfile%\Application Data\2a967e\BA2a9_8001.exe” /s /d

HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=8001&q={searchTerms}

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
MSCompatibilityMode = 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures = no
RunInvalidSignatures = 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
IIL = 0×00000000
ltHI = 0×00000000
ltTST =0x00005f9f
PRS =”http://127.0.0.1:27777/?inj=%ORIGINAL%”
RGF =0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=8001&q={searchTerms}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MigrateProxy = 0×00000001
ProxyEnable = 0×00000000
UID = “8001″

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyByPass = 0×00000001
IntranetName = 0×00000001
UNCAsIntranet = 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Antivirus Software
DisplayName = “Best Antivirus Software”
DisplayIcon = “%AllUsersProfile%\Application Data\2a967e\BA2a9_8001.exe,0″
DisplayVersion = “1.1.0.1010″
InstallLocation = “%AllUsersProfile%\Application Data\2a967e\”
Publisher = “UIS Inc.”
UninstallString = “%AllUsersProfile%\Application Data\2a967e\BA2a9_8001.exe” /del”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV
Debugger = “svchost.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe
Debugger = “svchost.exe”

many similar entries…

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

U2FD-S2LA-H4KA-UEPB

How to remove the infection of Best Antivirus Software (Rogue.Win32.BestAntivirusSoftware)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Advanced User Patch Rogue Removal Instructions

emsi — Mon, 07 May 2012 03:54:04 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Advanced User Patch. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAdvancedUserPatch.

Windows Advanced User Patch is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Advanced User Patch.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Advanced User Patch.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Advanced User Patch (Rogue.Win32.WindowsAdvancedUserPatch)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Pro Web Helper Rogue Removal Instructions

emsi — Mon, 07 May 2012 03:41:45 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Pro Web Helper. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProWebHelper.

Windows Pro Web Helper is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Pro Web Helper.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Pro Web Helper.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Pro Web Helper (Rogue.Win32.WindowsProWebHelper)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Internet Booster Rogue Removal Instructions

emsi — Mon, 07 May 2012 03:28:39 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Internet Booster. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsInternetBooster.

Windows Internet Booster is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Internet Booster.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Internet Booster.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Internet Booster (Rogue.Win32.WindowsInternetBooster)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Safety Module Rogue Removal Instructions

emsi — Tue, 01 May 2012 13:41:33 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Safety Module. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSafetyModule.

Windows Safety Module is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Safety Module.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Safety Module.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Safety Module (Rogue.Win32.WindowsSafetyModule)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Recovery Series Rogue Removal Instructions

emsi — Mon, 30 Apr 2012 09:26:07 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Recovery Series. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsRecoverySeries.

Windows Recovery Series is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Recovery Series.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Recovery Series.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Recovery Series (Rogue.Win32.WindowsRecoverySeries)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Data Recovery Rogue Removal Instructions

emsi — Mon, 30 Apr 2012 03:49:23 +0000

The Emsisoft malware research team has discovered a new outbreak of the Data Recovery. Emsisoft Anti-Malware detects this malware as Rogue.Win32.DataRecovery.b.

Data Recovery is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\peNIiagqcfvoe9
%AllUsersProfile%\Application Data\peNIiagqcfvoe9.exe
%AllUsersProfile%\Application Data\-peNIiagqcfvoe9
%AllUsersProfile%\Application Data\-peNIiagqcfvoe9r
%AppData%\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
%UserProfile%\Desktop\Data_Recovery.lnk
%UserProfile%\Desktop\Data_Recovery_License.txt
%UserProfile%\Local Settings\Temp\license.dat
%UserProfile%\Local Settings\Temp\RZQQnkXDzMfhGS.exe.tmp
%UserProfile%\Start Menu\Programs\Data Recovery\
%UserProfile%\Start Menu\Programs\Data Recovery\Data Recovery.lnk
%UserProfile%\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk

Create/modify registry entries:

HKEY_CURRENT_USER\software\
nsreg = 00000000
pth = 43003A005C0044006F00630075006D0065006E0074007300200061006E…

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Main\
Use FormSuggest = Yes

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
TaskbarGlomming = empty
TaskbarGlomLevel = 0×02000000
Hidden = empty
ShowSuperHidden = empty
Start_ShowUser = 0×01000000
Start_ShowControlPanel = 0×01000000
Start_ShowHelp = 0×01000000
Start_ShowMyComputer = 0×01000000
Start_ShowMyDocs = 0×01000000
Start_ShowMyMusic = 0×01000000
Start_ShowMyGames = 0×01000000
Start_ShowMyPics = 0×01000000
Start_ShowPrinters = 0×01000000
Start_ShowRecentDocs = 0×01000000
Start_ShowRun = 0×01000000
Start_ShowSearch = 0×01000000
Start_ShowSetProgramAccessAndDefaults = 0×01000000
Start_ShowNetConn = 0×01000000
Start_ShowNetPlaces = 0×01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes = .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;…

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation = 0×01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
peNIiagqcfvoe9 = %AllUsersProfile%\Application Data\peNIiagqcfvoe9.exe

Screenshosts:

To register this rogue application you can try the following serial number and enter any email:

08869246386344953972969146034087

How to remove the infection of Data Recovery (Rogue.Win32.DataRecovery.b)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Safety Checkpoint Rogue Removal Instructions

emsi — Fri, 27 Apr 2012 13:01:08 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Safety Checkpoint. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSafetyCheckpoint.

Windows Safety Checkpoint is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Safety Checkpoint.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Safety Checkpoint.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Safety Checkpoint (Rogue.Win32.WindowsSafetyCheckpoint)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Premium Guard Rogue Removal Instructions

emsi — Thu, 26 Apr 2012 06:44:16 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Premium Guard. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsPremiumGuard.

Windows Premium Guard is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Premium Guard.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Premium Guard.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Premium Guard (Rogue.Win32.WindowsPremiumGuard)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Efficiency Accelerator Rogue Removal Instructions

emsi — Wed, 25 Apr 2012 14:03:46 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Efficiency Accelerator. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsEfficiencyAccelerator.

Windows Efficiency Accelerator is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Efficiency Accelerator.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Efficiency Accelerator.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Efficiency Accelerator (Rogue.Win32.WindowsEfficiencyAccelerator)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Performance Adviser Rogue Removal Instructions

emsi — Wed, 25 Apr 2012 05:14:48 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Performance Adviser. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsPerformanceAdviser.

Windows Performance Adviser is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Performance Adviser.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Performance Adviser.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Performance Adviser (Rogue.Win32.WindowsPerformanceAdviser)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Safety Toolkit Rogue Removal Instructions

emsi — Mon, 23 Apr 2012 02:59:26 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Safety Toolkit. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSafetyToolkit.

Windows Safety Toolkit is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Safety Toolkit.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Safety Toolkit.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Safety Toolkit (Rogue.Win32.WindowsSafetyToolkit)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Foolproof Protector Rogue Removal Instructions

emsi — Fri, 20 Apr 2012 08:49:53 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Foolproof Protector. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsFoolproofProtector.

Windows Foolproof Protector is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Foolproof Protector.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Foolproof Protector.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Foolproof Protector (Rogue.Win32.WindowsFoolproofProtector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Guard Solutions Rogue Removal Instructions

emsi — Wed, 18 Apr 2012 11:12:11 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Guard Solutions. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsGuardSolutions.

Windows Guard Solutions is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Guard Solutions.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Guard Solutions.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Guard Solutions (Rogue.Win32.WindowsGuardSolutions)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Crucial Scanner Rogue Removal Instructions

emsi — Wed, 18 Apr 2012 02:22:15 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Crucial Scanner. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsCrucialScanner.

Windows Crucial Scanner is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Crucial Scanner.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Crucial Scanner.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Crucial Scanner (Rogue.Win32.WindowsCrucialScanner)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Safety Manager Rogue Removal Instructions

emsi — Tue, 17 Apr 2012 10:35:37 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Safety Manager. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSafetyManager.

Windows Safety Manager is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Safety Manager.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Safety Manager.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Safety Manager (Rogue.Win32.WindowsSafetyManager)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Antivirus Patch Rogue Removal Instructions

emsi — Tue, 17 Apr 2012 05:23:28 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Antivirus Patch. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAntivirusPatch.

Windows Antivirus Patch is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Antivirus Patch.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Antivirus Patch.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Antivirus Patch (Rogue.Win32.WindowsAntivirusPatch)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Protection Unit Rogue Removal Instructions

emsi — Tue, 17 Apr 2012 05:14:21 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Protection Unit. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProtectionUnit.

Windows Protection Unit is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Protection Unit.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Protection Unit.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Protection Unit (Rogue.Win32.WindowsProtectionUnit)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Antibreaking System Rogue Removal Instructions

emsi — Wed, 11 Apr 2012 08:33:32 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Antibreaking System. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAntibreakingSystem.

Windows Antibreaking System is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Antibreaking System.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Antibreaking System.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Antibreaking System (Rogue.Win32.WindowsAntibreakingSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Component Protector Rogue Removal Instructions

emsi — Tue, 10 Apr 2012 10:13:23 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Component Protector. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsComponentProtector.

Windows Component Protector is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Component Protector.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Component Protector.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Component Protector (Rogue.Win32.WindowsComponentProtector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Stability Maximizer Rogue Removal Instructions

emsi — Mon, 09 Apr 2012 14:42:22 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Stability Maximizer. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsStabilityMaximizer.

Windows Stability Maximizer is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Stability Maximizer.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Stability Maximizer.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Stability Maximizer (Rogue.Win32.WindowsStabilityMaximizer)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Cleaning Tools Rogue Removal Instructions

emsi — Mon, 09 Apr 2012 13:45:30 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Cleaning Tools. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsCleaningTools.

Windows Cleaning Tools is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Cleaning Tools.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Cleaning Tools.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Cleaning Tools (Rogue.Win32.WindowsCleaningTools)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Efficiency Reservoir Rogue Removal Instructions

emsi — Mon, 09 Apr 2012 04:01:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Efficiency Reservoir. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsEfficiencyReservoir.

Windows Efficiency Reservoir is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Efficiency Reservoir.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Efficiency Reservoir.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Efficiency Reservoir (Rogue.Win32.WindowsEfficiencyReservoir)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Care Taker Rogue Removal Instructions

emsi — Fri, 06 Apr 2012 03:31:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Care Taker. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsCareTaker.

Windows Care Taker is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Care Taker.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Care Taker.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Care Taker (Rogue.Win32.WindowsCareTaker)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Custodian Utility Rogue Removal Instructions

emsi — Wed, 04 Apr 2012 11:36:53 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Custodian Utility. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsCustodianUtility.

Windows Custodian Utility is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Custodian Utility.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Custodian Utility.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Custodian Utility (Rogue.Win32.WindowsCustodianUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Advanced Antispyware Solution Rogue Removal Instructions

emsi — Tue, 03 Apr 2012 19:42:29 +0000

The Emsisoft malware research team has discovered a new outbreak of the Advanced Antispyware Solution. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AdvancedAntispywareSolution.

Advanced Antispyware Solution is a rogue scanner application, another variant of Home Malware Cleaner, SmartAntiMalwareProtection, Antivirus Smart Protection, Malware Protection Center and Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Advanced Antispyware Solution
%AppData%\Microsoft\Internet Explorer\Quick Launch\Advanced Antispyware Solution.lnk
%UserProfile%\Desktop\Advanced Antispyware Solution.lnk
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\dudl.tmp
%UserProfile%\Recent\eb.dll
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\FW.dll
%UserProfile%\Recent\grid.dll
%UserProfile%\Recent\hymt.sys
%UserProfile%\Recent\pal.dll
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.tmp
%UserProfile%\Recent\SM.tmp
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Advanced Antispyware Solution.lnk
%UserProfile%\Start Menu\Programs\Advanced Antispyware Solution.lnk
%AllUsersProfile%\Application Data\2a967e
%AllUsersProfile%\Application Data\2a967e\75.mof
%AllUsersProfile%\Application Data\2a967e\AA2a9_8010.exe
%AllUsersProfile%\Application Data\2a967e\AAS.ico
%AllUsersProfile%\Application Data\2a967e\aasolution.exe
%AllUsersProfile%\Application Data\2a967e\AASSys
%AllUsersProfile%\Application Data\2a967e\Quarantine Items
%AllUsersProfile%\Application Data\AAETFS
%AllUsersProfile%\Application Data\AAETFS\AALYASUAS.cfg

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\AA2a9_8010.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\2a967e\AA2a9_8010.exe
ProgID = AA2a9_8010.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
AAS = “%AllUsersProfile%\Application Data\2a967e\AA2a9_8010.exe” /s
Advanced Antispyware Solution = “%AllUsersProfile%\Application Data\2a967e\AA2a9_8010.exe” /s /d

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

U2FD-S2LA-H4KA-UEPB

How to remove the infection of Advanced Antispyware Solution (Rogue.Win32.AdvancedAntispywareSolution)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Shielding Utility Rogue Removal Instructions

emsi — Tue, 03 Apr 2012 09:39:09 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Shielding Utility. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsShieldingUtility.

Windows Shielding Utility is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Shielding Utility.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Shielding Utility.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Shielding Utility (Rogue.Win32.WindowsShieldingUtility)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

SMART HDD Rogue Removal Instructions

emsi — Mon, 02 Apr 2012 14:20:15 +0000

The Emsisoft malware research team has discovered a new outbreak of the SMART HDD. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SmartHDD.b.

SMART HDD (or S.M.A.R.T HDD) is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\-ch1+6T~]V&zN,
%AllUsersProfile%\Application Data\-ch1+6T~]V&zN,r
%AllUsersProfile%\Application Data\ch1+6T~]V&zN,
%AllUsersProfile%\Application Data\ch1+6T~]V&zN,.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
%UserProfile%\Desktop\SMART_HDD.lnk
%UserProfile%\Desktop\SMART_HDD_License.txt
%UserProfile%\Start Menu\Programs\SMART HDD\
%UserProfile%\Start Menu\Programs\SMART HDD\SMART HDD.lnk
%UserProfile%\Start Menu\Programs\SMART HDD\Uninstall SMART HDD.lnk

Create / modify registry entries:

HKEY_CURRENT_USER|\Software\Microsoft\Windows\CurrentVersion\Run
ch1+6T~]V&zN, = %AllUsersProfile%\Application Data\ch1+6T~]V&zN,.exe

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Main\
Use FormSuggest = Yes

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
WarnOnZoneCrossing = 0×00000000
WarnonBadCertRecving = 0×00000000
CertificateRevocation = 0×00000000

Screenshots:

To register this rogue application you can try the following serial number and enter any email:

15801587234612645205224631045976

How to remove the infection of SMART HDD (Rogue.Win32.SmartHDD.b)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Warding System Rogue Removal Instructions

emsi — Mon, 02 Apr 2012 13:29:20 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Warding System. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsWardingSystem.

Windows Warding System is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Warding System.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Warding System.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Warding System (Rogue.Win32.WindowsWardingSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows First-Class Protector Rogue Removal Instructions

emsi — Mon, 02 Apr 2012 13:23:12 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows First-Class Protector. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsFirstClassProtector.

Windows First-Class Protector is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows First-Class Protector.lnk
%AllUsersProfile%\Start Menu\Programs\Windows First-Class Protector.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows First-Class Protector (Rogue.Win32.WindowsFirstClassProtector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Activity Debugger Rogue Removal Instructions

emsi — Mon, 02 Apr 2012 13:05:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Activity Debugger. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsActivityDebugger.

Windows Activity Debugger is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Activity Debugger.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Activity Debugger.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Activity Debugger (Rogue.Win32.WindowsActivityDebugger)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Trouble Taker Rogue Removal Instructions

emsi — Fri, 30 Mar 2012 09:37:18 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Trouble Taker. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsTroubleTaker.

Windows Trouble Taker is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Trouble Taker.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Trouble Taker.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Trouble Taker (Rogue.Win32.WindowsTroubleTaker)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Defending Center Rogue Removal Instructions

emsi — Wed, 28 Mar 2012 08:49:31 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Defending Center. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsDefendingCenter.

Windows Defending Center is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Defending Center.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Defending Center.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

To register this rogue application, you can try the following serial number:

0W000-000B0-00T00-E0020

How to remove the infection of Windows Defending Center (Rogue.Win32.WindowsDefendingCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows No-Risk Agent Rogue Removal Instructions

emsi — Tue, 27 Mar 2012 13:14:32 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows No-Risk Agent. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsNoRiskAgent.

Windows No-Risk Agent is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows No-Risk Agent.lnk
%AllUsersProfile%\Start Menu\Programs\Windows No-Risk Agent.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows No-Risk Agent (Rogue.Win32.WindowsNoRiskAgent)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Debug Center Rogue Removal Instructions

emsi — Tue, 27 Mar 2012 07:09:06 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Debug Center. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsDebugCenter.

Windows Debug Center is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Debug Center.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Debug Center.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Debug Center (Rogue.Win32.WindowsDebugCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows AntiHazard Helper Rogue Removal Instructions

emsi — Tue, 27 Mar 2012 06:58:53 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows AntiHazard Helper. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAntiHazardHelper.

Windows AntiHazard Helper is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows AntiHazard Helper.lnk
%AllUsersProfile%\Start Menu\Programs\Windows AntiHazard Helper.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows AntiHazard Helper (Rogue.Win32.WindowsAntiHazardHelper)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Software Saver Rogue Removal Instructions

emsi — Mon, 26 Mar 2012 08:20:50 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Software Saver. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSoftwareSaver.

Windows Software Saver is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Software Saver.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Software Saver.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Software Saver (Rogue.Win32.WindowsSoftwareSaver)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Antihazard Center Rogue Removal Instructions

emsi — Fri, 23 Mar 2012 11:50:01 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows AntiHazard Center. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAntiHazardCenter.

Windows AntiHazard Center is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows AntiHazard Center.lnk
%AllUsersProfile%\Start Menu\Programs\Windows AntiHazard Center.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows AntiHazard Center (Rogue.Win32.WindowsAntiHazardCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Process Director Rogue Removal Instructions

emsi — Thu, 22 Mar 2012 08:03:14 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Process Director. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProcessDirector.

Windows Process Director is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Process Director.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Process Director.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Process Director (Rogue.Win32.WindowsProcessDirector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Guardian Angel Rogue Removal Instructions

emsi — Wed, 21 Mar 2012 14:42:05 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Guardian Angel. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsGuardianAngel.

Windows Guardian Angel is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Guardian Angel.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Guardian Angel.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Guardian Angel (Rogue.Win32.WindowsGuardianAngel)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows No-Risk Center Rogue Removal Instructions

emsi — Tue, 20 Mar 2012 06:19:53 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows No-Risk Center. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsNoRiskCenter.

Windows No-Risk Center is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows No-Risk Center.lnk
%AllUsersProfile%\Start Menu\Programs\Windows No-Risk Center.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows No-Risk Center (Rogue.Win32.WindowsNoRiskCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Software Keeper Rogue Removal Instructions

emsi — Tue, 20 Mar 2012 06:02:55 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Software Keeper. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSoftwareKeeper.

Windows Software Keeper is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Software Keeper.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Software Keeper.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Software Keeper (Rogue.Win32.WindowsSoftwareKeeper)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Problems Stopper Rogue Removal Instructions

emsi — Mon, 19 Mar 2012 08:22:56 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Problems Stopper. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProblemsStopper.

Windows Problems Stopper is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Problems Stopper.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Problems Stopper.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Problems Stopper (Rogue.Win32.WindowsProblemsStopper)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Antihazard Solution Rogue Removal Instructions

emsi — Fri, 16 Mar 2012 11:42:27 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Antihazard Solution. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAntihazardSolution.

Windows Antihazard Solution is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Local Settings\Application Data\Protector-[random].exe
%UserProfile%\Local Settings\Application Data\result.db
%UserProfile%\Desktop\Windows Antihazard Solution.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Antihazard Solution.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %UserProfile%\Local Settings\Application Data\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Antihazard Solution (Rogue.Win32.WindowsAntihazardSolution)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Risk Minimizer Rogue Removal Instructions

emsi — Thu, 15 Mar 2012 15:03:11 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Risk Minimizer. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsRiskMinimizer.

Windows Risk Minimizer is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Local Settings\Application Data\Protector-[random].exe
%UserProfile%\Local Settings\Application Data\result.db
%UserProfile%\Desktop\Windows Risk Minimizer.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Risk Minimizer.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %UserProfile%\Local Settings\Application Data\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Risk Minimizer (Rogue.Win32.WindowsRiskMinimizer)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Managing System Rogue Removal Instructions

emsi — Wed, 14 Mar 2012 13:47:50 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Managing System. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsManagingSystem.

Windows Managing System is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Managing System.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Managing System.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Managing System (Rogue.Win32.WindowsManagingSystem)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Tools Patch Rogue Removal Instructions

emsi — Tue, 13 Mar 2012 16:10:41 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Tools Patch. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsToolsPatch.

Windows Tools Patch is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Tools Patch.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Tools Patch.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Tools Patch (Rogue.Win32.WindowsToolsPatch)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antimalware PC Safety Rogue Removal Instructions

emsi — Thu, 08 Mar 2012 08:10:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the Antimalware PC Safety. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AntimalwarePCSafety.

Antimalware PC Safety is a rogue scanner application, another variant of Best Virus Protection, Home Malware Cleaner, SmartAntiMalwareProtection, Antivirus Smart Protection, Malware Protection Center and Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\4f893a\
%AllUsersProfile%\Application Data\4f893a\873.mof
%AllUsersProfile%\Application Data\4f893a\AP4f8_8010.exe
%AllUsersProfile%\Application Data\4f893a\APCS.ico
%AllUsersProfile%\Application Data\4f893a\BackUp\
%AllUsersProfile%\Application Data\4f893a\Quarantine Items\
%AllUsersProfile%\Application Data\APGRBYPRCS\
%AllUsersProfile%\Application Data\APGRBYPRCS\APLHODBCS.cfg
%AppData%\Antimalware PC Safety\
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antimalware PC Safety.lnk
%UserProfile%\Desktop\Antimalware PC Safety.lnk
%Temp%\scandsk211d_8010.exe
%Temp%\del.bat
%UserProfile%\Start Menu\Antimalware PC Safety.lnk
%UserProfile%\Start Menu\Programs\Antimalware PC Safety.lnk

Create/modify registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 91540000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\
0 = msseces.exe
1 = MSASCui.exe
2 = ekrn.exe
3 = egui.exe
4 = avgnt.exe
5 = avcenter.exe
6 = avscan.exe
7 = avgfrw.exe
8 = avgui.exe
9 = avgtray.exe
10 = avgscanx.exe
11 = avgcfgex.exe
12 = avgemc.exe
13 = avgchsvx.exe
14 = avgcmgr.exe
15 = avgwdsvc.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
BVP = “%AllUsersProfile%\Application Data\4f893a\AP4f8_8010.exe” /s
Best Virus Protection = “%AllUsersProfile%\Application Data\4f893a\AP4f8_8010.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
BVP = “%Temp%\scandsk211d_8010.exe” /cs:0

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_LOCAL_MACHINE\Software\Classes\AP4f8_8010.DocHostUIHandler
(Default) = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
(Default) = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\4f893a\AP4f8_8010.exe
ProgID = AP4f8_8010.DocHostUIHandler

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe

many similar entries…

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

U2FD-S2LA-H4KA-UEPB

How to remove the infection of Antimalware PC Safety (Rogue.Win32.AntimalwarePCSafety)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Best Virus Protection Rogue Removal Instructions

emsi — Thu, 08 Mar 2012 07:09:39 +0000

The Emsisoft malware research team has discovered a new outbreak of the Best Virus Protection. Emsisoft Anti-Malware detects this malware as Rogue.Win32.BestVirusProtection.

Best Virus Protection is a rogue scanner application, another variant of Home Malware Cleaner, SmartAntiMalwareProtection, Antivirus Smart Protection, Malware Protection Center and Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\4f893a\
%AllUsersProfile%\Application Data\4f893a\BV4f8_8074.exe
%AllUsersProfile%\Application Data\4f893a\BVP.ico
%AllUsersProfile%\Application Data\4f893a\BackUp\
%AllUsersProfile%\Application Data\4f893a\BVPSys\
%AllUsersProfile%\Application Data\4f893a\Quarantine Items\
%AllUsersProfile%\Application Data\4f893a\7467.mof
%AllUsersProfile%\Application Data\BVJNZDSZHP\
%AllUsersProfile%\Application Data\BVJNZDSZHP\BVSUKYOP.cfg
%AppData%\Best Virus Protection\
%AppData%\Microsoft\Internet Explorer\Quick Launch\Best Virus Protection.lnk
%UserProfile%\Desktop\Best Virus Protection.lnk
%Temp%\scandsk1007d_8074.exe
%Temp%\del.bat
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\hymt.exe
%UserProfile%\Start Menu\Best Virus Protection.lnk
%UserProfile%\Start Menu\Programs\Best Virus Protection.lnk

Create/modify registry entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 91540000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\
0 = msseces.exe
1 = MSASCui.exe
2 = ekrn.exe
3 = egui.exe
4 = avgnt.exe
5 = avcenter.exe
6 = avscan.exe
7 = avgfrw.exe
8 = avgui.exe
9 = avgtray.exe
10 = avgscanx.exe
11 = avgcfgex.exe
12 = avgemc.exe
13 = avgchsvx.exe
14 = avgcmgr.exe
15 = avgwdsvc.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
BVP = “%AllUsersProfile%\Application Data\4f893a\BV4f8_8074.exe” /s
Best Virus Protection = “%AllUsersProfile%\Application Data\4f893a\BV4f8_8074.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
BVP = “%Temp%\scandsk1007d_8074.exe” /cs:0

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\SearchScopes\
URL = http://findgala.com/?&uid=8074&q={searchTerms}

HKEY_LOCAL_MACHINE\Software\Classes\BV4f8_8074.DocHostUIHandler
(Default) = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
(Default) = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\4f893a\BV4f8_8074.exe
ProgID = BV4f8_8074.DocHostUIHandler

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe

many similar entries…

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

U2FD-S2LA-H4KA-UEPB

How to remove the infection of Best Virus Protection (Rogue.Win32.BestVirusProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Personal Doctor Rogue Removal Instructions

emsi — Thu, 08 Mar 2012 05:41:15 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Personal Doctor. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsPersonalDoctor.

Windows Personal Doctor is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%AppData%\NPSWF32.dll
%AppData%\npswf32.tmp
%UserProfile%\Desktop\Windows Personal Doctor.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Personal Doctor.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Personal Doctor (Rogue.Win32.WindowsPersonalDoctor)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Personal Detective Rogue Removal Instructions

emsi — Wed, 07 Mar 2012 18:40:40 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Personal Detective. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsPersonalDetective.

Windows Personal Detective is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-[random].exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Personal Detective.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Personal Detective.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Personal Detective (Rogue.Win32.WindowsPersonalDetective)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Malware Sleuth Rogue Removal Instructions

emsi — Tue, 06 Mar 2012 12:10:27 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Malware Sleuth. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsMalwareSleuth.

Windows Malware Sleuth is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-ogp.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Malware Sleuth.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Malware Sleuth.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-ogp.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Malware Sleuth (Rogue.Win32.WindowsMalwareSleuth)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Trojans Inspector Rogue Removal Instructions

emsi — Tue, 06 Mar 2012 12:05:01 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Trojans Inspector. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsTrojansInspector.

Windows Trojans Inspector is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-thg.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Trojans Inspector.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Trojans Inspector.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-thg.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Trojans Inspector (Rogue.Win32.WindowsTrojansInspector)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Attacks Defender Rogue Removal Instructions

emsi — Fri, 02 Mar 2012 12:17:26 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Attacks Defender. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAttacksDefender.

Windows Attacks Defender is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-jtj.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Attacks Defender.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Attacks Defender.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-jtj.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Attacks Defender (Rogue.Win32.WindowsAttacksDefender)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Attacks Preventor Rogue Removal Instructions

emsi — Fri, 02 Mar 2012 08:52:32 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Attacks Preventor. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsAttacksPreventor.

Windows Attacks Preventor is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-lcl.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Attacks Preventor.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Attacks Preventor.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-lcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Attacks Preventor (Rogue.Win32.WindowsAttacksPreventor)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Threats Destroyer Rogue Removal Instructions

emsi — Fri, 02 Mar 2012 08:36:41 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Threats Destroyer. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsThreatsDestroyer.

Windows Threats Destroyer is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-jcl.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Threats Destroyer.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Threats Destroyer.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-jcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Threats Destroyer (Rogue.Win32.WindowsThreatsDestroyer)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Firewall Constructor Rogue Removal Instructions

emsi — Fri, 02 Mar 2012 08:15:50 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Firewall Constructor. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsFirewallConstructor.

Windows Firewall Constructor is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-cyk.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Firewall Constructor.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Firewall Constructor.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-cyk.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
many similar entries…

Screenshots:

How to remove the infection of Windows Firewall Constructor (Rogue.Win32.WindowsFirewallConstructor)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Smart Fortress 2012 Rogue Removal Instructions

emsi — Wed, 29 Feb 2012 10:15:11 +0000

The Emsisoft malware research team has discovered a new outbreak of the Smart Fortress 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SmartFortress2012.

Smart Fortress 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\
%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E
%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe
%UserProfile%\Desktop\Smart Fortress 2012.lnk
%UserProfile%\Start Menu\Programs\Smart Fortress 2012\
%UserProfile%\Start Menu\Programs\Smart Fortress 2012\Smart Fortress 2012.lnk

Create new registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\
(Default) = B7E85

HKEY_CURRENT_USER\Software\Classes\%s
(Default) = B7E85

HKEY_CURRENT_USER\Software\Classes\B7E85\
(Default) = Application
Content Type = application/x-msdownload

HKEY_CURRENT_USER\Software\Classes\B7E85\DefaultIcon
(Default) = %1

HKEY_CURRENT_USER\Software\Classes\B7E85\shell\open\command\
(Default) = %AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe
IsolatedCommand = “%1″ %*

HKEY_CURRENT_USER\Software\Classes\B7E85\shell\runas\command\
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CURRENT_USER\Software\Classes\B7E85\shell\start\command\
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
B7E85B320179A6C600266C1CD151FC4E = %AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012\
DisplayName = Smart Fortress 2012
ShortcutPath = “%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe” -u
UninstallString = “%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe” -u
DisplayIcon = %AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe,0

Screenshots:

To register this rogue application, you try the following serial number:

AA39754E-715219CE

How to remove the infection of Smart Fortress 2012 (Rogue.Win32.SmartFortress2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Stability Guard Rogue Removal Instructions

emsi — Wed, 29 Feb 2012 09:49:54 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Stability Guard. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsStabilityGuard.

Windows Stability Guard is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-ode.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Stability Guard.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Stability Guard.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = %AppData%\Inspector-ode.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = %AppData%\Inspector-ode.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-ode.exe

Screenshots:

How to remove the infection of Windows Stability Guard (Rogue.Win32.WindowsStabilityGuard)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Pro Scanner Rogue Removal Instructions

emsi — Mon, 27 Feb 2012 08:19:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Pro Scanner. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProScanner.

Windows Pro Scanner is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-ajm.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows PRO Scanner.lnk
%AllUsersProfile%\Start Menu\Programs\Windows PRO Scanner.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-ajm.exe

Screenshots:

How to remove the infection of Windows Pro Scanner (Rogue.Win32.WindowsProScanner)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Shield Tool Rogue Removal Instructions

emsi — Fri, 24 Feb 2012 14:58:21 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Shield Tool. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsShieldTool.

Windows Shield Tool is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-lra.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Shield Tool.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Shield Tool.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-lra.exe

Screenshots:

How to remove the infection of Windows Shield Tool (Rogue.Win32.WindowsShieldTool)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Telemetry Center Rogue Removal Instructions

emsi — Thu, 23 Feb 2012 07:55:52 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Telemetry Center. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsTelemetryCenter.

Windows Telemetry Center is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-cnr.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Telemetry Center.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Telemetry Center.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-cnr.exe

Screenshots:

How to remove the infection of Windows Telemetry Center (Rogue.Win32.WindowsTelemetryCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirus Protection 2012 Rogue Removal Instructions

emsi — Wed, 22 Feb 2012 07:38:43 +0000

The Emsisoft malware research team has discovered a new outbreak of the Antivirus Protection 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AntivirusProtection2012.

Antivirus Protection 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Antivirus Protection\
%AppData%\Antivirus Protection\IcoActivate.ico
%AppData%\Antivirus Protection\IcoHelp.ico
%AppData%\Antivirus Protection\IcoUninstall.ico
%AppData%\Antivirus Protection\securityhelper.exe
%AppData%\Antivirus Protection\securitymanager.exe
%AppData%\Antivirus Protection\AntivirusProtection2012.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection.lnk
%UserProfile%\Desktop\Antivirus Protection.lnk
%Temp%\472a10e2ebxd9.exe
%Temp%\56493.exe
%Temp%\ae0965a7157cd.exe
%Temp%\al3erfa3.exe
%Temp%\alerfa2.exe
%Temp%\alerfa.exe
%Temp%\altedf.exe
%Temp%\aqfitrlxi2.exe
%Temp%\backd-efq.exe
%Temp%\brdss.exe
%Temp%\bzqa43d.exe
%Temp%\cffd4.exe
%Temp%\cocksucker.exe
%Temp%\cosock.exe
%Temp%\cowceb.exe
%Temp%\cunifuc.exe
%Temp%\d20mes.exe
%Temp%\dc_3.exe
%Temp%\dd10x10.exe
%Temp%\ddoll3342.exe
%Temp%\destroyer.exe
%Temp%\dffuck.exe
%Temp%\dkfjd93.exe
%Temp%\ds7hw.exe
%Temp%\eelnvd13.exe
%Temp%\exppdf_w.exe
%Temp%\fadz43.exe
%Temp%\fe.exe
%Temp%\format.exe
%Temp%\g_dx234.exe
%Temp%\ggwwef9752.exe
%Temp%\gpupz2a.exe
%Temp%\hhbboll_2.exe
%Temp%\hiphop.exe
%Temp%\hodeme.exe
%Temp%\htfad4.exe
%Temp%\hvipws9.exe
%Temp%\jdhellwo3.exe
%Temp%\jkfuckfu.exe
%Temp%\jofcdks.exe
%Temp%\kjdh_gf_jjdhgd.exe
%Temp%\kjh102k3.exe
%Temp%\kn.a.exe
%Temp%\kock.exe
%Temp%\ljts-23.exe
%Temp%\lkhgg_ea.exe
%Temp%\lols.exe
%Temp%\ploper.exe
%Temp%\poertd.exe
%Temp%\ppddfcfux.exxe
%Temp%\protector2.exe
%Temp%\pswwg3c.exe
%Temp%\puzpup.exe
%Temp%\qwedvor.exe
%Temp%\qwklrvjhqlkj.exe
%Temp%\r0life.exe
%Temp%\rator.exe
%Temp%\rtfme.exe
%Temp%\safe.exe
%Temp%\snowif.exe
%Temp%\sycre.exe
%Temp%\timem.exe
%Temp%\tryh-blv.exe
%Temp%\w32-reno-c.exe
%Temp%\w32rim_mem.exe
%Temp%\warsddd_w.exe
%Temp%\wefgetn_00.exe
%Temp%\wined.exe
%Temp%\winifi.exe
%Temp%\wrcud12.exe
%Temp%\wrfwe_di.exe
%Temp%\wwautrsd.exe
%Temp%\wwwsssgen.exe
%Temp%\_5.tmp
%Temp%\1iowieoo.exe
%Temp%\02c9c3c35bdx5.exe
%Temp%\8gmsed-bd.exe
%Temp%\17dkf.exe
%UserProfile%\Start Menu\Programs\Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\
%UserProfile%\Start Menu\Programs\Antivirus Protection\Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\Help Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\How to Activate Antivirus Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Protection\Activate Antivirus Protection.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Antivirus Protection\
(Default) = %AppData%\Antivirus Protection\
BuyUrl = B65B17E3F9DA41446905D3BE0E550632B225D0DB132371E38F96D84D2B2F0
uninstaller = %AppData%\Antivirus Protection\securityhelper.exe
ADVid = 390
InstallDir = %AppData%\Antivirus Protection\
SoftID = Antivirus Protection
ScanSystemOnStartup = 01000000
AutomaticallyUpdates = 01000000
BackgroundScan = 01000000
BackgroundScanTimeout = 01000000
tb = DC07020003001600060012002800BF02
InstNM = %AppData%\Antivirus Protection\AntivirusProtection2012.exe
LastTimeStamp = D9FFFFFF
LastUpdateDate = 2012/2/1

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Protection\
DisplayName = Antivirus Protection
UninstallString = “%AppData%\Antivirus Protection\securityhelper.exe” /UNINSTALL
DisplayIcon = “%AppData%\Antivirus Protection\securityhelper.exe”,1

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
cbrdwlurumf5 = D:\!Mal\123.exe
Antivirus Protection = “%AppData%\Antivirus Protection\AntivirusProtection2012.exe” /STARTUP
Antivirus Protection 2012 SM = %AppData%\Antivirus Protection\securitymanager.exe

To register and uninstall this rogue application, you can try the following serial number:

LIC-00A5-3F5G-BHA5-KJB8-579F-CVH9-M935-QW45-89M5-19AB

How to remove the infection of Antivirus Protection 2012 (Rogue.Win32.AntivirusProtection2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Smart Partner Rogue Removal Instructions

emsi — Tue, 21 Feb 2012 13:21:00 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Smart Partner. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSmartPartner.

Windows Smart Partner is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-phk.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Smart Partner.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Smart Partner.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-phk.exe

Screenshots:

How to remove the infection of Windows Smart Partner (Rogue.Win32.WindowsSmartPartner)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Home Malware Cleaner Rogue Removal Instructions

emsi — Tue, 21 Feb 2012 07:30:54 +0000

The Emsisoft malware research team has discovered a new outbreak of the Home Malware Cleaner. Emsisoft Anti-Malware detects this malware as Rogue.Win32.HomeMalwareCleaner.

Home Malware Cleaner is a rogue scanner application, another variant of SmartAntiMalwareProtection, Antivirus Smart Protection, Malware Protection Center and Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\HMCSys\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\51.mof
%AllUsersProfile%\Application Data\5c678c\HM5c6_8010.exe
%AllUsersProfile%\Application Data\5c678c\HMC.ico
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\HMEMLLCC\
%AllUsersProfile%\Application Data\HMEMLLCC\HMFLAAC.cfg
%AppData%\Home Malware Cleaner\
%AppData%\Home Malware Cleaner\cookies.sqlite
%AppData%\Home Malware Cleaner\Instructions.ini
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Malware Cleaner.lnk
%UserProfile%\Desktop\Home Malware Cleaner.lnk
%Temp%\scandsk211d_8010.exe
%UserProfile%\Recent\energy.sys
%UserProfile%\Start Menu\Home Malware Cleaner.lnk
%UserProfile%\Start Menu\Programs\Home Malware Cleaner.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\HM5c6_8010.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\HM5c6_8010.exe
ProgID = HM5c6_8010.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Home Malware Cleaner = “%AllUsersProfile%\Application Data\5c678c\HM5c6_8010.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
SAMP = “%Temp%\scandsk211d_8010.exe” /cs:0

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

U2FD-S2LA-H4KA-UEPB

How to remove the infection of Home Malware Cleaner (Rogue.Win32.HomeMalwareCleaner)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Smart Warden Rogue Removal Instructions

emsi — Mon, 20 Feb 2012 09:35:51 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Smart Warden. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsSmartWarden.

Windows Smart Warden is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-wbq.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Smart Warden.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Smart Warden.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-wbq.exe

Screenshots:

How to remove the infection of Windows Smart Warden (Rogue.Win32.WindowsSmartWarden)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Functionality Checker Rogue Removal Instructions

emsi — Fri, 17 Feb 2012 14:57:05 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Functionality Checker. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsFunctionalityChecker.

Windows Functionality Checker is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Protector-nbi.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Functionality Checker.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Functionality Checker.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-nbi.exe

Screenshots:

How to remove the infection of Windows Functionality Checker (Rogue.Win32.WindowsFunctionalityChecker)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Windows Protection Master Rogue Removal Instructions

emsi — Wed, 15 Feb 2012 14:09:07 +0000

The Emsisoft malware research team has discovered a new outbreak of the Windows Protection Master. Emsisoft Anti-Malware detects this malware as Rogue.Win32.WindowsProtectionMaster.

Windows Protection Master is a rogue scanner application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Inspector-pwe.exe
%AppData%\result.db
%UserProfile%\Desktop\Windows Protection Master.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Protection Master.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\Documents and Settings\Administrator\Application Data\Inspector-pwe.exe task
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Inspector-pwe.exe

Screenshots:

How to remove the infection of Windows Protection Master (Rogue.Win32.WindowsProtectionMaster)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Smart Anti-Malware Protection Rogue Removal Instructions

emsi — Wed, 15 Feb 2012 13:26:13 +0000

The Emsisoft malware research team has discovered a new outbreak of the Smart Anti-Malware Protection. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SmartAntiMalwareProtection.

Smart Anti-Malware Protection is a rogue scanner application, another variant of Antivirus Smart Protection, Malware Protection Center and Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\SAMPSys\
%AllUsersProfile%\Application Data\5c678c\8826.mof
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\SA5c6_8020.exe
%AllUsersProfile%\Application Data\5c678c\SAMP.ico
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\SAQCQZXMP\
%AllUsersProfile%\Application Data\SAQCQZXMP\SAVSDEMP.cfg
%AppData%\Microsoft\Internet Explorer\Quick Launch\Smart Anti-Malware Protection.lnk
%AppData%\Smart Anti-Malware Protection\
%AppData%\Smart Anti-Malware Protection\cookies.sqlite
%AppData%\Smart Anti-Malware Protection\Instructions.ini
%UserProfile%\Desktop\Smart Anti-Malware Protection.lnk
%UserProfile%\Start Menu\Smart Anti-Malware Protection.lnk
%UserProfile%\Administrator\Start Menu\Programs\Smart Anti-Malware Protection.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\SA5c6_8020.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\SA5c6_8020.exe
ProgID = SA5c6_8020.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Smart Anti-Malware Protection= “%AllUsersProfile%\Application Data\5c678c\SA5c6_8020.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
SAMP = “%Temp%\[installer].exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Smart Anti-Malware Protection (Rogue.Win32.SmartAntiMalwareProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Scanner 2012 Rogue Removal Instructions

emsi — Mon, 13 Feb 2012 04:53:31 +0000

The Emsisoft malware research team has discovered a new outbreak of the Security Scanner 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SecurityScanner2012.

Security Scanner 2012 is a rogue scanner application, another variant of Security Tool or Security Shield. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%UserProfile%\Desktop\Security Scanner Support.url
%UserProfile%\Desktop\Security Scanner.lnk
%UserProfile%\Desktop\Uninstall Security Scanner.lnk
%UserProfile%\Local Settings\Application Data\mbancdyulk.exe
%UserProfile%\Local Settings\Application Data\%COMPUTERNAME%.cfg
%UserProfile%\Start Menu\Programs\Security Scanner.lnk
%UserProfile%\Start Menu\Programs\Uninstall Security Scanner.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
mbancdyulk = %UserProfile%\Local Settings\Application Data\mbancdyulk.exe

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

64C665BE-4DE7-423B-A6B6-BC0172B25DF2

How to remove the infection of Security Scanner 2012 (Rogue.Win32.SecurityScanner2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirus Smart Protection Rogue Removal Instructions

emsi — Wed, 25 Jan 2012 06:47:18 +0000

The Emsisoft malware research team has discovered a new outbreak of the Antivirus Smart Protection. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AntivirusSmartProtection.

Antivirus Smart Protection is a rogue scanner application, another variant of Malware Protection Center and Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\5c678c\ASPSys\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\582.mof
%AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe
%AllUsersProfile%\Application Data\5c678c\ASP.ico
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\ASLNP\
%AllUsersProfile%\Application Data\ASLNP\ASUUDJRRJXP.cfg
%AppData%\Antivirus Smart Protection\
%AppData%\Antivirus Smart Protection\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Antivirus Smart Protection.lnk
%UserProfile%\Desktop\Antivirus Smart Protection.lnk
%Temp%\scandsk211d_8046.exe
%UserProfile%\Start Menu\Antivirus Smart Protection.lnk
%UserProfile%\Start Menu\Programs\Antivirus Smart Protection.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\AS9c5_8046.DocHostUIHandler
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe
ProgID = AS9c5_8046.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Home Security Solutions = “%AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
HSS = “%Temp%\scandsk211d_8046.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Antivirus Smart Protection (Rogue.Win32.AntivirusSmartProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Malware Protection Center Rogue Removal Instructions

emsi — Tue, 24 Jan 2012 14:27:18 +0000

The Emsisoft malware research team has discovered a new outbreak of the Malware Protection Center. Emsisoft Anti-Malware detects this malware as Rogue.Win32.MalwareProtectionCenter.

Malware Protection Center is a rogue scanner application, another variant of Internet Security Guard. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\MPCSys\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\73.mof
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\MP5c6_8040.exe
%AllUsersProfile%\Application Data\5c678c\MPC.ico
%AllUsersProfile%\Application Data\MPJCENSJC\
%AllUsersProfile%\Application Data\MPJCENSJC\MPSJQIC.cfg
%AppData%\Malware Protection Center\
%AppData%\Malware Protection Center\cookies.sqlite
%AppData%\Malware Protection Center\Instructions.ini
%AppData%\Microsoft\Internet Explorer\Quick Launch\Malware Protection Center.lnk
%UserProfile%\Desktop\Malware Protection Center.lnk
%UserProfile%\Start Menu\Malware Protection Center.lnk
%UserProfile%\Start Menu\Programs\Malware Protection Center.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\MP5c6_8040.exe
ProgID = MP5c6_8040.DocHostUIHandler
HKEY_LOCAL_MACHINE\Software\Classes\MP5c6_8040.DocHostUIHandler\
Default = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Malware Protection Center = “%AllUsersProfile%\Application Data\5c678c\MP5c6_8040.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
MPC = “%Temp%\setup.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB 
K7LY-H4KA-SI9D-U2FD 
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Malware Protection Center (Rogue.Win32.MalwareProtectionCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Smart Protection 2012 Rogue Removal Instructions

emsi — Mon, 23 Jan 2012 13:52:18 +0000

The Emsisoft malware research team has discovered a new outbreak of the Smart Protection 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SmartProtection2012.

Smart Protection 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\
%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E
%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe
%UserProfile%\Desktop\Smart Protection 2012.lnk
%UserProfile%\Start Menu\Programs\Smart Protection 2012\
%UserProfile%\Start Menu\Programs\Smart Protection 2012\Smart Protection 2012.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
B7E85B320179A6C600266C1CD151FC4E = %AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Smart Protection 2012\
DisplayName = Smart Protection 2012
ShortcutPath = “%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe” Uninstall
UninstallString = “%AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe” Uninstall
DisplayIcon = %AllUsersProfile%\Application Data\B7E85B320179A6C600266C1CD151FC4E\B7E85B320179A6C600266C1CD151FC4E.exe,0

Screenshots:

To register this rogue application, you can use any email and try the following serial number:

AA39754E-715219CE

How to remove the infection of Smart Protection 2012 (Rogue.Win32.SmartProtection2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Internet Security 2012 Rogue Removal Instructions

emsi — Mon, 23 Jan 2012 12:56:37 +0000

The Emsisoft malware research team has discovered a new outbreak of the Internet Security 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.InternetSecurity2012.

Internet Security 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\isecurity.exe
%AllUsersProfile%\Desktop\Internet Security 2012.lnk
%UserProfile%\Start Menu\Internet Security 2012.lnk

Create new registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Internet Security 2012 = %AllUsersProfile%\Desktop\Internet Security 2012.lnk

Screenshots:

To register this rogue application, you can use any email and try the following serial number:

Y86REW-T75FD5-U9VBF4A

How to remove the infection of Internet Security 2012 (Rogue.Win32.InternetSecurity2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Internet Security Guard Rogue Removal Instructions

emsi — Mon, 16 Jan 2012 13:19:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Internet Security Guard. Emsisoft Anti-Malware detects this malware as Rogue.Win32.InternetSecurityGuard.

Internet Security Guard is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\ISGSys\
%AllUsersProfile%\Application Data\5c678c\5285.mof
%AllUsersProfile%\Application Data\5c678c\IS5c6_8027.exe
%AllUsersProfile%\Application Data\5c678c\ISG.ico
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\ISVLVYG\
%AllUsersProfile%\Application Data\ISVLVYG\ISVJG.cfg
%AppData%\Internet Security Guard\
%AppData%\Internet Security Guard\Instructions.ini
%AppData%\Internet Security Guard\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Internet Security Guard.lnk
%UserProfile%\Desktop\Internet Security Guard.lnk
%UserProfile%\Start Menu\Internet Security Guard.lnk
%UserProfile%\Start Menu\Programs\Internet Security Guard.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
(Default) = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\IS5c6_8027.exe
ProgID = IS5c6_8027.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\Classes\IS5c6_8027.DocHostUIHandler
(Default) = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Home Security Solutions = “%AllUsersProfile%\Application Data\5c678c\IS5c6_8027.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
HSS = “%Temp%\%malwarefile%.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB
K7LY-H4KA-SI9D-U2FD
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Internet Security Guard (Rogue.Win32.InternetSecurityGuard)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Check Rogue Removal Instructions

emsi — Mon, 02 Jan 2012 06:46:47 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Check rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SystemCheck.

System Check is a rogue application, another variant of System Fix, System Restore, Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\[random].exe
%AllUsersProfile%\Application Data\[random].exe
%AllUsersProfile%\Application Data\~[random]
%AllUsersProfile%\Application Data\~[random]r
%AllUsersProfile%\Application Data\[random]
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
%UserProfile%\Desktop\System Check.lnk
%Temp%\3.tmp
%Temp%\smtmp\
%Temp%\smtmp\2\
%Temp%\smtmp\4\
%Temp%\smtmp\1\
%UserProfile%\Start Menu\Programs\System Check\
%UserProfile%\Start Menu\Programs\System Check\Uninstall System Check.lnk
%UserProfile%\Start Menu\Programs\System Check\System Check.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr = 01000000

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
[random].exe = %AllUsersProfile%\Application Data\[random].exe

HKEY_CURRENT_USER\Control Panel\
nsreg = F82D014F

HKEY_CURRENT_USER\Control Panel\
bin = 43003A005C0044006F006…

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Main\
Use FormSuggest = Yes

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden = (empty)
ShowSuperHidden = (empty)
TaskbarGlomming = (empty)
TaskbarGlomLevel = 02000000
Start_ShowControlPanel = (empty)

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
HidNoChangingWallPaperden = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypess = .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi; .mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation = 01000000

HKEY_CURRENT_USER\softare\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop = 01000000

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr = 01000000

Screenshots:

To register and uninstall this rogue application, you can try the following serial number, and enter any email:

1203978628012489708290478989147

How to remove the infection of System Check (Rogue.Win32.SystemCheck)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Super AV Rogue Removal Instructions

emsi — Fri, 30 Dec 2011 08:30:20 +0000

The Emsisoft malware research team has discovered a new outbreak of the Super AV. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SuperAV.

Super AV is a rogue application, this is another variant of Antivirii 2011. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemDrive%\xhergjui.exe
%SystemRoot%\bgmgfhpi.exe

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
Security = %SystemRoot%\bgmgfhpi.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = %SystemDrive%\xhergjui.exe

Screenshots:

How to remove the infection of Super AV (Rogue.Win32.SuperAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Home Security Solutions Rogue Removal Instructions

emsi — Mon, 26 Dec 2011 05:27:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the Home Security Solutions. Emsisoft Anti-Malware detects this malware as Rogue.Win32.HomeSecuritySolutions.

Home Security Solutions is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfile%\Application Data\93d79\
%AllUsersProfile%\Application Data\93d79\Quarantine Items\
%AllUsersProfile%\Application Data\93d79\HSSSys\
%AllUsersProfile%\Application Data\93d79\HSS.ico
%AllUsersProfile%\Application Data\93d79\mozcrt19.dll
%AllUsersProfile%\Application Data\93d79\sqlite3.dll
%AllUsersProfile%\Application Data\93d79\HS147.exe
%AllUsersProfile%\Application Data\HSMGPBWS\
%AllUsersProfile%\Application Data\HSMGPBWS\HSVNAS.cfg
%AppData%\Home Security Solutions\
%AppData%\Home Security Solutions\Instructions.ini
%AppData%\Home Security Solutions\ScanDisk_.exe
%AppData%\Home Security Solutions\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Home Security Solutions.lnk
%UserProfile%\Desktop\Home Security Solutions.lnk
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\delfile.dll
%UserProfile%\Recent\dudl.tmp
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.exe
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FW.drv
%UserProfile%\Recent\gid.tmp
%UserProfile%\Recent\hymt.sys
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\pal.exe
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Start Menu\Home Security Solutions.lnk
%UserProfile%\Start Menu\Programs\Home Security Solutions.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
(Default) = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\93d79\HS147.exe
ProgID = HS147.DocHostUIHandler

HKEY_LOCAL_MACHINE\software\Classes\HS147.DocHostUIHandler
(Default) = Implements DocHostUIHandler
Clsid = {3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\
Debugger = svchost.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\
Debugger = svchost.exe

HKEY_CURRENT_USER\software\3

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\
ltTST = 7F3E0000

HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download\
CheckExeSignatures = no
RunInvalidSignatures = 01000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun = 01000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\
0 = msseces.exe
1 = MSASCui.exe
2 = ekrn.exe
3 = egui.exe
4 = avgnt.exe
5 = avcenter.exe
6 = avscan.exe
7 = avgfrw.exe
8 = avgui.exe
9 = avgtray.exe
10 = avgscanx.exe
11 = avgcfgex.exe
12 = avgemc.exe
13 = avgchsvx.exe
14 = avgcmgr.exe
15 = avgwdsvc.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Home Security Solutions = “%AllUsersProfile%\Application Data\93d79\HS147.exe” /s /d

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RunOnce\
HSS = “%Temp%\scandsk211d_8016.exe” /cs:1

Screenshots:

To register and uninstall this rogue application, you can try one of the following serial number:

K7LY-R5GU-SI9D-EVFB
K7LY-H4KA-SI9D-U2FD
U2FD-S2LA-H4KA-UEPB

How to remove the infection of Home Security Solutions (Rogue.Win32.HomeSecuritySolutions)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Security Monitor 2012 Rogue Removal Instructions

emsi — Wed, 14 Dec 2011 13:45:10 +0000

The Emsisoft malware research team has discovered a new outbreak of the Security Monitor 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SecurityMonitor2012.

Security Monitor 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AppData%\Microsoft\Internet Explorer\Quick Launch\Security Monitor.lnk
%AppData%\Security Monitor\
%AppData%\Security Monitor\IcoHelp.ico
%AppData%\Security Monitor\IcoUninstall.ico
%AppData%\Security Monitor\Security Monitor.exe
%AppData%\Security Monitor\securityhelper.exe
%AppData%\Security Monitor\securitymanager.exe
%AppData%\Security Monitor\IcoActivate.ico
%UserProfile%\Desktop\Security Monitor.lnk
%Temp%\aqfitrlxi2.exe
%Temp%\backd-efq.exe
%Temp%\brdss.exe
%Temp%\bzqa43d.exe
%Temp%\cffd4.exe
%Temp%\cocksucker.exe
%Temp%\cosock.exe
%Temp%\cowceb.exe
%Temp%\cunifuc.exe
%Temp%\d20mes.exe
%Temp%\dc_3.exe
%Temp%\dd10x10.exe
%Temp%\ddoll3342.exe
%Temp%\destroyer.exe
%Temp%\dffuck.exe
%Temp%\dkfjd93.exe
%Temp%\ds7hw.exe
%Temp%\eelnvd13.exe
%Temp%\exppdf_w.exe
%Temp%\fadz43.exe
%Temp%\fe.exe
%Temp%\format.exe
%Temp%\g_dx234.exe
%Temp%\ggwwef9752.exe
%Temp%\gpupz2a.exe
%Temp%\hhbboll_2.exe
%Temp%\hiphop.exe
%Temp%\hodeme.exe
%Temp%\htfad4.exe
%Temp%\hvipws9.exe
%Temp%\jdhellwo3.exe
%Temp%\jkfuckfu.exe
%Temp%\jofcdks.exe
%Temp%\kjdh_gf_jjdhgd.exe
%Temp%\kjh102k3.exe
%Temp%\kn.a.exe
%Temp%\kock.exe
%Temp%\ljts-23.exe
%Temp%\lkhgg_ea.exe
%Temp%\lols.exe
%Temp%\ploper.exe
%Temp%\poertd.exe
%Temp%\ppddfcfux.exxe
%Temp%\protector2.exe
%Temp%\pswwg3c.exe
%Temp%\puzpup.exe
%Temp%\qwedvor.exe
%Temp%\qwklrvjhqlkj.exe
%Temp%\r0life.exe
%Temp%\rator.exe
%Temp%\rtfme.exe
%Temp%\safe.exe
%Temp%\snowif.exe
%Temp%\sycre.exe
%Temp%\timem.exe
%Temp%\tryh-blv.exe
%Temp%\w32-reno-c.exe
%Temp%\w32rim_mem.exe
%Temp%\warsddd_w.exe
%Temp%\wefgetn_00.exe
%Temp%\wined.exe
%Temp%\winifi.exe
%Temp%\wrcud12.exe
%Temp%\wrfwe_di.exe
%Temp%\wwautrsd.exe
%Temp%\wwwsssgen.exe
%Temp%\_2.tmp
%Temp%\1iowieoo.exe
%Temp%\02c9c3c35bdx5.exe
%Temp%\8gmsed-bd.exe
%Temp%\17dkf.exe
%Temp%\472a10e2ebxd9.exe
%Temp%\56493.exe
%Temp%\ae0965a7157cd.exe
%Temp%\al3erfa3.exe
%Temp%\alerfa.exe
%Temp%\alerfa2.exe
%Temp%\altedf.exe
%UserProfile%\Start Menu\Programs\Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\
%UserProfile%\Start Menu\Programs\Security Monitor\Help Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\How to Activate Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\Security Monitor.lnk
%UserProfile%\Start Menu\Programs\Security Monitor\Activate Security Monitor.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\
Security Monitor = “%AppData%\Security Monitor\Security Monitor.exe” /STARTUP
Security Monitor 2012 Security = %AppData%\Security Monitor\securitymanager.exe

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Security Monitor\
DisplayName = Security Monitor
UninstallString = “%AppData%\Security Monitor\securityhelper.exe” /UNINSTALL
DisplayIcon = “%AppData%\Security Monitor\securityhelper.exe”,1

HKEY_CURRENT_USER\software\Security Monitor\
(Default) = %AppData%\Security Monitor
BuyUrl = B65B17E3F9DA41446905D3BE0E550632B225D0DB132371E38F96D84D2B2F05B40CF125…
uninstaller = %AppData%\Security Monitor\securityhelper.exe
ADVid = 390
InstallDir = %AppData%\Security Monitor\
SoftID = Security Monitor
ScanSystemOnStartup = 01000000
AutomaticallyUpdates = 01000000
BackgroundScan = 01000000
BackgroundScanTimeout = 01000000
tb = DB070C0003000E000D00090015002202
InstNM =%AppData%\Security Monitor\Security Monitor.exe
LastTimeStamp = FD000000
LastUpdateDate = 2011/11/23

Screenshots:

How to remove the infection of Security Monitor 2012 (Rogue.Win32.SecurityMonitor2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Antivirii 2011 Rogue Removal Instructions

emsi — Tue, 13 Dec 2011 08:03:19 +0000

The Emsisoft malware research team has discovered a new outbreak of the Antivirii 2011. Emsisoft Anti-Malware detects this malware as Rogue.Win32.Antivirii2011.

Antivirii 2011 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\llwzhxdd.exe
%SystemRoot%\antivirii.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
Security = %SystemRoot%\llwzhxdd.exe

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\
Debugger = C:\xhergjui.exe

Screenshots:

How to remove the infection of Antivirii 2011 (Rogue.Win32.Antivirii2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

XP Antivirus 2012 (MultiFakeAV) Rogue Removal Instructions

emsi — Tue, 29 Nov 2011 13:51:44 +0000

The Emsisoft malware research team has discovered a new outbreak of the XP Antivirus 2012 (MultiFakeAV). Emsisoft Anti-Malware detects this malware as Rogue.Win32.MultiFakeAV.

XP Antivirus 2012 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. This rogue scanner program able to change their name depend on the operating system, on Windows 7 for example, the name is “Win 7 Antispyware 2012“.

Create new files:

%AllUsersProfile%\Application Data\157850g1p046c522p184r5dtv4q8
%AppData%\157850g1p046c522p184r5dtv4q8
%Temp%\157850g1p046c522p184r5dtv4q8
%UserProfile%\Templates\157850g1p046c522p184r5dtv4q8
%UserProfile%\Local Settings\Application Data\%random%.exe

Create/modify new registry entries:

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode

HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\
command = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”

HKEY_CLASSES_ROOT\.exe
(Default) = exefile

HKEY_CLASSES_ROOT\.exe\
Content Type = application/x-msdownload
DefaultIcon = %1

HKEY_CLASSES_ROOT\.exe\shell\open\command
(Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\.exe\shell\runas\command
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\exefile
(Default) = Application
Content Type = application/x-msdownload
DefaultIcon = %1

HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = “%UserProfile%\Local Settings\Application Data\%random%.exe” -a “%1″ %*
IsolatedCommand = “%1″ %*

HKEY_CLASSES_ROOT\exefile\shell\runas\command
(Default) = “%1″ %*
IsolatedCommand = “%1″ %*

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

3425-814615-3990

How to remove the infection of XP Antivirus 2012 (MultiFakeAV) (Rogue.Win32.MultiFakeAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Cloud AV 2012 Rogue Removal Instructions

emsi — Fri, 25 Nov 2011 06:54:00 +0000

The Emsisoft malware research team has discovered a new outbreak of the Cloud AV 2012. Emsisoft Anti-Malware detects this malware as Rogue.Win32.CloudAV2012.

Cloud AV 2011 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

The following is another variant of AV Protection 2011:

Create new files:

%ProgramFiles%\4DA54\
%ProgramFiles%\4DA54\lvvm.exe
%ProgramFiles%\LP\
%ProgramFiles%\LP\41F5\
%ProgramFiles%\LP\41F5\9.tmp
%ProgramFiles%\LP\41F5\18.tmp
%ProgramFiles%\LP\41F5\A.tmp
%ProgramFiles%\LP\41F5\C29.exe
%SystemRoot%\system32\Cloud AV 2012v121.exe
%AppData%\ahst.lni
%AppData%\dwme.exe
%AppData%\50C4D\
%AppData%\50C4D\57741.exe
%AppData%\50C4D\DA54.0C4
%AppData%\z8gTZqhYCkVlNx0\
%AppData%\DaQH6sWK7R9TqUe\
%AppData%\uS2ibF3pn5Q6W8R\
%AppData%\XZqjYCekIr\
%UserProfile%\Desktop\Cloud AV 2012.lnk
%Temp%\8.tmp
%Temp%\dwme.exe
%UserProfile%\Start Menu\Programs\Cloud AV 2012\
%UserProfile%\Start Menu\Programs\Cloud AV 2012\Cloud AV 2012.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
fgRZ9hYXwUeOtPy8234A = %SystemRoot%\system32\Cloud AV 2012v121.exe
pIBrzPNyx1v2b4m = %AppData%\dwme.exe
C29.exe = %ProgramFiles%\LP\41F5\C29.exe

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\
Start = 0×00000003

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = explorer.exe,%AppData%\50C4D\57741.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of Cloud AV 2012 (Rogue.Win32.CloudAV2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Protection 2011 Rogue Removal Instructions

emsi — Wed, 23 Nov 2011 16:48:57 +0000

The Emsisoft malware research team has discovered a new outbreak of the AV Protection 2011. Emsisoft Anti-Malware detects this malware as Rogue.Win32.AVProtection2011.

AV Protection 2011 is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

The following is another variant of AV Protection 2011:

Create new files and folders:

%ProgramFiles%\4DA54\
%ProgramFiles%\4DA54\lvvm.exe
%ProgramFiles%\LP\
%ProgramFiles%\LP\41F5\
%ProgramFiles%\LP\41F5\17.tmp
%ProgramFiles%\LP\41F5\18.tmp
%ProgramFiles%\LP\41F5\19.tmp
%ProgramFiles%\LP\41F5\C29.exe
%SystemRoot%\system32\AV Protection 2011v121.exe
%AppData%\dwme.exe
%AppData%\ldr.ini
%AppData%\50C4D\
%AppData%\50C4D\DA54.0C4
%AppData%\50C4D\57741.exe
%AppData%\fJ6dEK8fR9YwUeO\
%AppData%\gkIVrlONtAuSiFp\
%AppData%\hP0ycS1iv3n4m6W\
%AppData%\XP0ucS1ib3n4Q6W\
%UserProfile%\Desktop\AV Protection 2011.lnk
%Temp%\dwme.exe
%Temp%\1A.tmp
%Temp%\16.tmp
%UserProfile%\Start Menu\Programs\AV Protection 2011\
%UserProfile%\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
jD2onF4pm5W7E8T8234A = %SystemRoot%\system32\AV Protection 2011v121.exe
AG5aQJ6dW8R9TwU = %AppData%\dwme.exe
C29.exe = %ProgramFiles%\LP\41F5\C29.exe

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\
Start = 03000000

HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = explorer.exe,%AppData%\50C4D\57741.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of AV Protection 2011 (Rogue.Win32.AVProtection2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Fix Rogue Removal Instructions

emsi — Tue, 15 Nov 2011 09:31:34 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Fix rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SystemFix.

System Fix is a rogue application, another variant of System Restore, Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\[random]
%AllUsersProfiles%\Application Data\[random].exe
%AllUsersProfiles%\Application Data\[random].exe
%AllUsersProfiles%\Application Data\~[random]
%AllUsersProfiles%\Application Data\~[random]
%AllUsersProfiles%\Local Settings\Temp\37dbffa0005fc824.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
%UserProfile%\Desktop\System Fix.lnk
%Temp%\36.tmp
%Temp%\ulN4aaevqp3o76.exe.tmp
%Temp%\smtmp\
%Temp%\smtmp\1\
%Temp%\smtmp\2\
%Temp%\smtmp\4\
%UserProfile%\Start Menu\Programs\System Fix\
%UserProfile%\Start Menu\Programs\System Fix\System Fix.lnk
%UserProfile%\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
[random]: %AllUsersProfiles%\Local Settings\Temp\37dbffa0005fc824.exe

HKEY_CURRENT_USER\Control Panel\
nsreg: 0010C24E
bin: 43003A005C0044006F00630075006D006500…

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001
HidNoChangingWallPaperden: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;
.mp3;.m3u;.wav;.scr;”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

HTTP Requests:

ld2repgnifnmgfk.com
85.121.39.27
galaxyadvanta.com
pubidviseron.com
subishiphil.com

Screenshots:

To register and uninstall this rogue application, you can try the following serial number, and enter any email:

1203978628012489708290478989147

How to remove the infection of System Fix (Rogue.Win32.SystemFix)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Security 2012 Adware Removal Instructions

emsi — Thu, 10 Nov 2011 13:05:24 +0000

The Emsisoft malware research team has discovered a new outbreak of the AV Security 2012. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVSecurity2012.

AV Security 2012 is a rogue application. This is another variant of System Security 2011, AV Protection Online, Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\AV Security 2012v121.exe
%AppData%\ldr.ini
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\AV Security 2012.ico
%AppData%\[random]\
%UserProfile%\Desktop\AV Security 2012.lnk
%UserProfile%\Local Settings\Temp\B.tmp
%UserProfile%\Start Menu\Programs\AV Security 2012\
%UserProfile%\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“[random]=%SystemRoot%\system32\AV Security 2012v121.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of AV Security 2012 (Adware.Win32.AVSecurity2012)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Privacy Protection Adware Removal Instructions

emsi — Mon, 07 Nov 2011 09:23:52 +0000

The Emsisoft malware research team has discovered a new outbreak of the Privacy Protection. Emsisoft Anti-Malware detects this malware as Adware.Win32.PrivacyProtection.

Privacy Protection is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\privacy.exe
%AllUsersProfiles%\Desktop\Privacy Protection.lnk
%Temp%\6C.tmp

Create new registry entries:

HKEY_CURRENT_USER\Software\EFF9375FC10561A906A809B93DD5038F
FRun=”0″
O`ld=”Qshw`bx!Qsnudbuhno”
Q`ui=”B;]Enbtldour!`oe!Rduuhofr]@mm!Trdsr]@qqmhb`uhno!E…”

HKEY_CURRENT_USER|\Software\Microsoft\Windows\CurrentVersion\Run
Privacy Protection = %AllUsersProfiles%\Application Data\privacy.exe

Screenshots:

How to remove the infection of Privacy Protection (Adware.Win32.PrivacyProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Security 2011 Adware Removal Instructions

emsi — Mon, 24 Oct 2011 02:57:03 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Security 2011. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemSecurity2011.

System Security 2011 is a rogue application. This is another variant of AV Protection Online, Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\[random].exe
%AppData%\ldr.ini
%AppData%\svhostu.exe
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\System Security 2011.ico
%AppData%\[random]\
%UserProfile%\Desktop\System Security 2011.lnk
%UserProfile%\Local Settings\Temp\B.tmp
%UserProfile%\Local Settings\Temp\svhostu.exe
%UserProfile%\Start Menu\Programs\System Security 2011\
%UserProfile%\Start Menu\Programs\System Security 2011\System Security 2011.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
(String) [random] = %SystemRoot%\system32\[random].exe
(String) [random] = %AppData%\svhostu.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of System Security 2011 (Adware.Win32.SystemSecurity2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

AV Protection Online Adware Removal Instructions

emsi — Wed, 19 Oct 2011 16:54:07 +0000

The Emsisoft malware research team has discovered a new outbreak of the AV Protection Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVProtectionOnline.

AV Protection Online is a rogue application. This is another variant of Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%SystemRoot%\system32\[random].exe
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\
%AppData%\[random]\AV Protection Online.ico
%AppData%\ldr.ini
%AppData%\svhostu.exe
%UserProfile%\Desktop\AV Protection Online.lnk
%UserProfile%\Local Settings\Temp\svhostu.exe
%UserProfile%\Local Settings\Temp\B.tmp
%UserProfile%\Start Menu\Programs\AV Protection Online\
%UserProfile%\Start Menu\Programs\AV Protection Online\AV Protection Online.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\
(String) [random] = %SystemRoot%\system32\[random].exe
(String) [random] = %UserProfile%\Local Settings\Temp\svhostu.exe

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of AV Protection Online (Adware.Win32.AVProtectionOnline)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Cloud Protection Adware Removal Instructions

emsi — Wed, 12 Oct 2011 15:29:01 +0000

The Emsisoft malware research team has discovered a new outbreak of the Cloud Protection. Emsisoft Anti-Malware detects this malware as Adware.Win32.CloudProtection.

Cloud Protection is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%ProgramFiles%\Internet Explorer\BE.tmp
%SystemRoot%\system32\%random%.exe
%AppData%\svhostu.exe
%AppData%\ldr.ini
%AppData%\%random%\
%AppData%\%random%\
%AppData%\%random%\
%AppData%\%random%\Cloud Protection.ico
%AppData%\%random%\
%UserProfile%\Desktop\Cloud Protection.lnk
%UserProfile%\Local Settings\Temp\BF.tmp
%UserProfile%\Local Settings\Temp\C1.tmp
%UserProfile%\Local Settings\Temp\svhostu.exe
%UserProfile%\Start Menu\Programs\Cloud Protection\
%UserProfile%\Start Menu\Programs\Cloud Protection\Cloud Protection.lnk
%UserProfile%\Start Menu\Programs\Startup\crss.exe

Create new registry entries:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“%random%=C:\WINDOWS\system32\%random%.exe”
“%random%=%UserProfile%\Local Settings\Temp\svhostu.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of Cloud Protection (Adware.Win32.CloudProtection)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Guard Online Adware Removal Instructions

emsi — Wed, 12 Oct 2011 09:07:51 +0000

The Emsisoft malware research team has discovered a new outbreak of the Guard Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.GuardOnline.

Guard Online is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%ProgramFiles%\Internet Explorer\5C.tmp
%SystemRoot%\system32\%random%.exe
%AppData%\ldr.ini
%AppData%\%random%\
%AppData%\%random%\
%AppData%\%random%\Guard Online .ico
%AppData%\%random%\
%UserProfile%\Desktop\Guard Online .lnk
%UserProfile%\Local Settings\Temp\DX5B.tmp
%UserProfile%\Local Settings\Temp\DX5B.tmp.exe
%UserProfile%\Local Settings\Temp\5D.tmp
%UserProfile%\Start Menu\Programs\Guard Online\
%UserProfile%\Start Menu\Programs\Startup\crss.exe

Create new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
“%random%=%SystemRoot%\system32\%random%.exe”

Screenshots:

To register and uninstall this rogue application, you can try the following serial number:

9992665263

How to remove the infection of Guard Online (Adware.Win32.GuardOnline)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

System Restore Adware Removal Instructions

emsi — Wed, 12 Oct 2011 08:54:26 +0000

The Emsisoft malware research team has discovered a new outbreak of the System Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemRestore.

System Restore is a rogue application, another variant of Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Desktop\System Restore.lnk
%UserProfile%\Local Settings\Temp\smtmp\
%UserProfile%\Local Settings\Temp\smtmp\1\
%UserProfile%\Local Settings\Temp\smtmp\2\
%UserProfile%\Local Settings\Temp\smtmp\4\
%UserProfile%\Start Menu\Programs\System Restore\
%UserProfile%\Start Menu\Programs\System Restore\System Restore.lnk
%UserProfile%\Start Menu\Programs\System Restore\Uninstall System Restore.lnk

Create/modify registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
DisableTaskMgr: 0×00000001

HKEY_CURRENT_USER\Software\
75fa38b7-8b94-4995-ad32-52e938867954:
BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Use FormSuggest: “Yes”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
WarnonBadCertRecving: 0×00000000
CertificateRevocation: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
NoChangingWallPaper: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
LowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;
.mp3;.m3u;.wav;.scr;”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation: 0×00000001

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
%random%: “%AllUsersProfile%\Application Data\%random%.exe”

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\
CheckExeSignatures: “no”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0×00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0×00000000

Screenshots:

To register and uninstall this rogue application, you can try the following serial number, and enter any email:

1203978628012489708290478989147

How to remove the infection of System Restore (Adware.Win32.SystemRestore)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Emsisoft New Malware Blog

Windows Pro Safety Release Rogue Removal Instructions

Related Posts:

Windows Safeguard Upgrade Rogue Removal Instructions

Related Posts:

Windows Secure Surfer Rogue Removal Instructions

Related Posts:

Windows Be-on Guard Edition Rogue Removal Instructions

Related Posts:

Windows Abnormality Checker Rogue Removal Instructions

Related Posts:

Windows Pro Solutions Rogue Removal Instructions

Related Posts:

Windows Sleek Performance Rogue Removal Instructions

Related Posts:

Windows ProSecurity Scanner Rogue Removal Instructions

Related Posts:

Total Anti Malware Protection Rogue Removal Instructions

Related Posts:

Best Antivirus Software Rogue Removal Instructions

Related Posts:

Windows Advanced User Patch Rogue Removal Instructions

Related Posts:

Windows Pro Web Helper Rogue Removal Instructions

Related Posts:

Windows Internet Booster Rogue Removal Instructions

Related Posts:

Windows Safety Module Rogue Removal Instructions

Related Posts:

Windows Recovery Series Rogue Removal Instructions

Related Posts:

Data Recovery Rogue Removal Instructions

Related Posts:

Windows Safety Checkpoint Rogue Removal Instructions

Related Posts:

Windows Premium Guard Rogue Removal Instructions

Related Posts:

Windows Efficiency Accelerator Rogue Removal Instructions

Related Posts:

Windows Performance Adviser Rogue Removal Instructions

Related Posts:

Windows Safety Toolkit Rogue Removal Instructions

Related Posts:

Windows Foolproof Protector Rogue Removal Instructions

Related Posts:

Windows Guard Solutions Rogue Removal Instructions

Related Posts:

Windows Crucial Scanner Rogue Removal Instructions

Related Posts:

Windows Safety Manager Rogue Removal Instructions

Related Posts:

Windows Antivirus Patch Rogue Removal Instructions

Related Posts:

Windows Protection Unit Rogue Removal Instructions

Related Posts:

Windows Antibreaking System Rogue Removal Instructions

Related Posts:

Windows Component Protector Rogue Removal Instructions

Related Posts:

Windows Stability Maximizer Rogue Removal Instructions

Related Posts:

Windows Cleaning Tools Rogue Removal Instructions

Related Posts:

Windows Efficiency Reservoir Rogue Removal Instructions

Related Posts:

Windows Care Taker Rogue Removal Instructions

Related Posts:

Windows Custodian Utility Rogue Removal Instructions

Related Posts:

Advanced Antispyware Solution Rogue Removal Instructions

Related Posts:

Windows Shielding Utility Rogue Removal Instructions

Related Posts:

SMART HDD Rogue Removal Instructions

Related Posts:

Windows Warding System Rogue Removal Instructions

Related Posts:

Windows First-Class Protector Rogue Removal Instructions

Related Posts:

Windows Activity Debugger Rogue Removal Instructions