Emsisoft New Malware Blog - Antimalware news, new rogue/spyware/scareware alerts and infection removal help

Jun 06

SysAntivirus Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the SysAntivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SysAntivirus.

SysAntivirus is a rogue security program, this is a new variant of XJR Antivirus, AKM Antivirus 2010 Pro and RTS Antivirus 2010. The maker of this rogue give it name as Sysinternals Antivirus. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\wp3.dat
%ProgramFiles%\wp4.dat
%ProgramFiles%\wpp.exe
%ProgramFiles%\adc_w32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\nuar.old
%ProgramFiles%\skynet.dat
%ProgramFiles%\svchost.exe
%ProgramFiles%\Sysinternals Antivirus\Sysinternals Antivirus.exe
%UserProfile%\Desktop\Sysinternals Antivirus.lnk
%UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
C:\Sysinternals Antivirus\Sysinternals Antivirus.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\software\Sysinternals Antivirus
HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp
HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp\Registration
HKEY_CURRENT_USER\software\Sysinternals Antivirus\wpp\setdata
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus\Registration
HKEY_USERS\S-1-5-18\Software\Sysinternals Antivirus\Sysinternals Antivirus\setdata

Screenshots:

How to remove the infection of SysAntivirus (Adware.Win32.SysAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: Rogue, SysAntivirus
Posted in Malware Alerts, Removal Help | Comments Off

Jun 03

Security Master AV Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Security Master AV adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SecurityMasterAV.

Security Master AV is a rogue security software that show false warning messages and show misleading scan results, this is another variant from My Security Engine, or CleanUP Antivirus. It will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually at Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

Create new files:

%AllUsersProfile%\Application Data\%random%\SMAV.ico
%AllUsersProfile%\Application Data\%random%\SM%random%.exe
%AllUsersProfile%\Application Data\SM%random%AV\SM%random%AV.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
%UserProfile%\Application Data\Security Master AV\cookies.sqlite
%UserProfile%\Desktop\Security Master AV.lnk
%UserProfile%\Recent\dudl.exe
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\fix.dll
%UserProfile%\Recent\hymt.exe
%UserProfile%\Recent\hymt.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.tmp
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\tempdoc.exe
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Recent\CLSV.exe
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Start Menu\Security Master AV.lnk
%UserProfile%\Start Menu\Programs\Security Master AV.lnk

Create new registry entries:

HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Security Master AV”
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\a.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aAvgApi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\About.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ackwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Ad-Aware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\adaware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\advxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AdwarePrj.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentsvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\agentw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alertsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alevir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\alogserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AlphaAV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AluSchedulerSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\amon9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\anti-trojan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Anti-Virus Professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntispywarXP2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPlus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusPro_2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntivirusXP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\antivirusxppro2009.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AntiVirus_Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ants.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apimonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aplica32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\apvxdwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\arr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashAvast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashBug.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashChest.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashCnsnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashMaiSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashPopWz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashQuick.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashServ.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimp2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSimpl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashSkPck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ashWebSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswChLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRegSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswRunDll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aswUpdSv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atro55en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\atwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\au.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\aupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\auto-protect.nav80try.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autodown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autotrace.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\autoupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\av360.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVCare.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avciman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avconsol.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ave32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgchk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgdumpx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgemc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgiproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgserv9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgsrmax.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avkwctl9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avltmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmailc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avmcdlg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpdos32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avptc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avpupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avsynmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avupgsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\AVWEBGRD.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwin95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwinnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avwupsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitor9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxmonitornt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\avxquar.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\b.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\backweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bargains.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdfvwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDInProcPatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdmcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDMsnScan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\BDSurvey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bd_professional.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\belt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidef.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bidserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bipcpevalsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blackice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blink.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\blss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootconf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bootwarn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\borg2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brasil.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\brw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bs120.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bspatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bundle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bvt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\c.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cavscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccevtmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccpxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cdp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfgwiz.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfiaudit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfinet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfplogvw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cfpupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Cl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\claw95cf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\clean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleaner3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanIELow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cleanpc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\click.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmesys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmgrdian.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cmon016.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\connectionmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\control
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpf9×206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cpfnt206.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\crashrep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\csc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssconfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssupdat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cssurf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwnb181.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\cwntdwmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\d.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\datemanager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dcomx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defalert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defscangui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\defwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deloeminfs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\deputy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllcache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dllreg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\doors.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dpps2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\driverctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwatson.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drweb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\drwebupw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dssagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\dvp95_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\efpeadm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ekrn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\emsw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\esafe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanhnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\espwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ethereal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\etrustcipe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\evpn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exantivirus-cnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\exe.avxw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\expert.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\explore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-agnt95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-prot95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\f-stopw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fact.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fameh32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fch32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fih32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\findviru.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\firewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fixfp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fnrb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fp-win_trial.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fprot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frmwrk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\frw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsaa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530stbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav530wtbyb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsav95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsm32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsma32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\fsmb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gator.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbmenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbn976rl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gbpoll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\generics.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\gmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guarddog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\guardgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hacktracersetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbinst.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hbsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\History.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\homeav2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotactio.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hotpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\htpatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hwpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxdl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\hxiul.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iamstats.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmasn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ibmavsp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icload95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icloadnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsupp95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\icsuppnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Identity.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\idle.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedll.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iedriver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\IEShow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iface.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ifw2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\inetlnfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infus.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\init32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[1].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[2].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[3].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[4].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\install[5].exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intdel.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\intren.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\iomon98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\istsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jammer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jdbgmrg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\JsRcGen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavlite40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpers40eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kavpf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kazza.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\keenvalue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-pf-213-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrl-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\kerio-wrp-421-en-win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\killprocesssetup161.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\launcher.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldnetmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldpromenu.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ldscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\licmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lnetinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\loader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\localnet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lockdown2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lookout.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lordpe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luau.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\lucomserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luinit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\luspt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MalwareRemoval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mapisvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmnhdlr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcmscsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcnasvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\McSACore.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcshield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcsysmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mcvsshld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\md.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfw2en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mfweng3.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrtcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgavrte.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mghtml.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mgui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\minilog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mmod.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\monitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\moolive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpfservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MPFSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mpftray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrflux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mrt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msbb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscache.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msccn32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mscman.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msdos.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msfwsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msiexec16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mslaugh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmgt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msmsgri32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssmmc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mssys.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\msvxd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mu0311ad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\mwatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\n32scanw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navap.navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navapw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navdx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navlu32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navstub.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\navwnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nc2000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ncinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ndd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neomonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\neowatchlog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netarmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netd32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netinfo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netscanpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netspyhunter-1.2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\netutils.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nisum.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\normist.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\norton_internet_secu_3.0_407.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\notstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npfmessenger.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nprotect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npscheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\npssvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsched32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nssys32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nstask32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nsupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntrtscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ntxconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nupgrade.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvarch16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvc95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nvsvc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwinst4.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwservice.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\nwtool16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAcat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAhlp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OAReg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oasrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\oaview.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\OcHealthMon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ODSW.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ollydbg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\onsrvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ostronet.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\otfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\outpostproinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ozn695m5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\padmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\panixk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\patch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavprsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavsrv51.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pavw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pccwin98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcfwallicon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcip10117_0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pcscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsAuxs.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsGui.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pctsTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PC_Antispyware2010.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdfndr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pdsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PerAvir.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\periscope.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\persfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\personalguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\perswf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pf2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pfwadmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pgmonitr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pingscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pop3trap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\poproxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\popscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portdetective.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\portmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\powerscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppinupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pptbc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ppvstop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prizesurfer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\prmvr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procdump.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\processmonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\programauditor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\proport.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\protectx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANCU.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSANToManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsCtrls.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PsImSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PskSvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\pspf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\PSUNMain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\purge.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qconsole.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\qserver.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Quick Heal.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\QuickHealCleaner.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rapapp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav7win.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rav8win32eng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rb32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rcsync.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\realmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\reged.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\regedt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rescue32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rrguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rscdwld.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rtvscn95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rulaunch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\rwg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SafetyKeeper.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\safeweb.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Save.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveArmor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveDefense.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SaveKeep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\savenow.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sbserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scam32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scan95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scanpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\scrscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Secure Veteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\secureveteran.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Security Center.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityFighter.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\securitysoldier.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\serv95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setloadorder.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setupvameeval.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\setup_flowprotector_us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sgssfw32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shellspyinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shield.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\shn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\showbehind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\signcheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smartprotector.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smrtdefp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\smss32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\snetcfg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\soap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sofi.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\SoftSafeness.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sperm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spf.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sphinx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spoolsv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spywarexpguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\spyxx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srexe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\srng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ss3edit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssgrate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\ssg_4104.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\st2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\start.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\stcloader.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supftrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\support.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\supporter5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchostc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svchosts.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\svshost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweep95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symlcsvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symproxysvc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\symtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\system32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\sysupd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taumon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tbscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tca.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tcm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds-3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tds2-nt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\teekids.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tfak5.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tgbob.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titanin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TPSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trickler.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trjsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\trojantrap3.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\TrustWarrior.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsadbot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tsc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\tvtmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\undoboot.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\updat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\utpost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcmserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbcons.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbust.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwin9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vbwinntw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vcsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vet95.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vettray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vfsetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\virusmdpersonalfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthAux.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthLic.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\VisthUpd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnlan300.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vnpc3000.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpc42.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vpfw30s.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vptray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscan40.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vscenu6.02d30.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsched.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsecomr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vshwin32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsisetup.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsstat.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswin9xe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinntse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vswinperse.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w32dsm89.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\W3asbas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\w9x.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\watchdog.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webdav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WebProxy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webscanx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\webtrap.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wfindv32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\whoswatchingme.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wimmun32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win-bugsfix.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\win32us.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winactive.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windll32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\window.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows Police Pro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininetd.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wininitx.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winlogin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winmain.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winppr32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winrecon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winservn.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winss.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winssnotify.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\WinSSUI.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winstart001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wintsk32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\winupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wkufind.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnad.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wnt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wradmin.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wrctrl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsbgate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxas.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wscfxfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wsctool.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdater.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\wyvernworksfirewall.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpdeluxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xpf202en.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\xp_antispyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zapsetup3001.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zatutor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonalm2601.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\zonealarm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\_avpm.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\~2.exe

Modify hosts file:

127.0.0.1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
173.236.107.243 www.google.com
173.236.107.243 google.com
173.236.107.243 google.com.au
173.236.107.243 www.google.com.au
173.236.107.243 google.be
173.236.107.243 www.google.be
173.236.107.243 google.com.br
173.236.107.243 www.google.com.br
173.236.107.243 google.ca
173.236.107.243 www.google.ca
173.236.107.243 google.ch
173.236.107.243 www.google.ch
173.236.107.243 google.de
173.236.107.243 www.google.de
173.236.107.243 google.dk
173.236.107.243 www.google.dk
173.236.107.243 google.fr
173.236.107.243 www.google.fr
173.236.107.243 google.ie
173.236.107.243 www.google.ie
173.236.107.243 google.it
173.236.107.243 www.google.it
173.236.107.243 google.co.jp
173.236.107.243 www.google.co.jp
173.236.107.243 google.nl
173.236.107.243 www.google.nl
173.236.107.243 google.no
173.236.107.243 www.google.no
173.236.107.243 google.co.nz
173.236.107.243 www.google.co.nz
173.236.107.243 google.pl
173.236.107.243 www.google.pl
173.236.107.243 google.se
173.236.107.243 www.google.se
173.236.107.243 google.co.uk
173.236.107.243 www.google.co.uk
173.236.107.243 google.co.za
173.236.107.243 www.google.co.za
173.236.107.243 www.google-analytics.com
173.236.107.243 www.bing.com
173.236.107.243 search.yahoo.com
173.236.107.243 www.search.yahoo.com
173.236.107.243 uk.search.yahoo.com
173.236.107.243 ca.search.yahoo.com
173.236.107.243 de.search.yahoo.com
173.236.107.243 fr.search.yahoo.com
173.236.107.243 au.search.yahoo.com

Screenshots:

How to remove the infection of Security Master AV (Adware.Win32.SecurityMasterAV)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: Rogue, SecurityMasterAV
Posted in Malware Alerts, Removal Help | Comments Off

May 28

Win Antispyware Center Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the Win Antispyware Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WinAntispywareCenter.

Win Antispyware Center is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\WinAntispywareCenter\av.exe
%UserProfile%\Local Settings\Temp\10.tmp

Create or modify registry entries:

HKEY_LOCAL_MACHINE\software\Classes\secfile
HKEY_LOCAL_MACHINE\software\Classes\secfile\DefaultIcon
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open\command
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\runas
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\runas\command
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\start
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\software\Win Antispyware Center
HKEY_LOCAL_MACHINE\software\Classes\.exe\shell\open\command
(Default) = “C:\Program Files\WinAntispywareCenter\av.exe” /START “%1″ %*
IsolatedCommand = “%1″ %*
HKEY_LOCAL_MACHINE\software\Classes\secfile\shell\open\command
(Default) = “C:\Program Files\WinAntispywareCenter\av.exe” /START “%1″ %*
IsolatedCommand = “%1″ %*
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
Win Antispyware Center = C:\Program Files\WinAntispywareCenter\av.exe
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
Win Antispyware Center = C:\Program Files\WinAntispywareCenter\av.exe

Screenshots:

How to remove the infection of Win Antispyware Center (Adware.Win32.WinAntispywareCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: Rogue, WinAntispywareCenter
Posted in Malware Alerts, Removal Help | Comments Off

May 26

XJR Antivirus Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the XJR Antivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.XJRAntivirus.

XJR Antivirus is a rogue security program, this is a new variant of AKM Antivirus 2010 Pro and RTS Antivirus 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

%ProgramFiles%\wp4.dat
%ProgramFiles%\adc_w32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\skynet.dat
%ProgramFiles%\svchost.exe
%ProgramFiles%\wp3.dat
%ProgramFiles%\XJR Antivirus\XJR Antivirus.exe
%UserProfile%\Desktop\XJR Antivirus.lnk
%UserProfile%\Start Menu\Programs\XJR Antivirus\XJR Antivirus.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\software\XJR Antivirus
HKEY_CURRENT_USER\software\XJR Antivirus\wpp
HKEY_CURRENT_USER\software\XJR Antivirus\wpp\Registration
HKEY_CURRENT_USER\software\XJR Antivirus\wpp\setdata
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\Registration
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\setdata

Modify registry entry:

HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command
Old: = “%1″ %*
New: = C:\Program Files\alggui.exe “%1″ %*

Screenshots:

How to remove the infection of XJR Antivirus (Adware.Win32.XJRAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: Rogue, XJRAntivirus
Posted in Malware Alerts, Removal Help | Comments Off

May 20

ByteDefender Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the ByteDefender adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ByteDefender.

ByteDefender is a rogue security program. This is a new variant from Winiguard/Winisoft family. The author of ByteDefender also made SystemIron, SecurePcAv, SafePcAv, GuardWWW, MyPcSecure, PcSecureNet, PcsSecure, APcSafe, APcSecure, ProtectSoldier, ProtectDefender, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector,… etc. To further convince victim, SystemIron will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

%ProgramFiles%\ByteDefender Software\ByteDefender\ByteDefender.exe
%ProgramFiles%\ByteDefender Software\ByteDefender\Uninstall.exe
%ProgramFiles%\ByteDefender Software\ByteDefender\always_delete.xml
%ProgramFiles%\ByteDefender Software\ByteDefender\always_skip.xml
%ProgramFiles%\ByteDefender Software\ByteDefender\quarantine\quarantine.xml
%AllUsersProfile%\Start Menu\Programs\ByteDefender.lnk
%UserProfile%\Desktop\ByteDefender.lnk

Create new registry entries:

HKEY_LOCAL_MACHINE\software\ByteDefender
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ByteDefender
HKEY_CURRENT_USER\software\ByteDefender
HKEY_CURRENT_USER\software\ByteDefender\agents
HKEY_CURRENT_USER\software\ByteDefender\general
HKEY_CURRENT_USER\software\ByteDefender\realtime
HKEY_CURRENT_USER\software\ByteDefender\scanner
HKEY_CURRENT_USER\software\ByteDefender\tasks
HKEY_CURRENT_USER\software\ByteDefender\tasks\0
HKEY_CURRENT_USER\software\ByteDefender\tasks\1
HKEY_CURRENT_USER\software\ByteDefender\updates
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “ByteDefender”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ByteDefender”

Screenshots:

How to remove the infection of ByteDefender (Adware.Win32.ByteDefender)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: ByteDefender, Rogue
Posted in Malware Alerts, Removal Help | Comments Off

Categories

RECOMMENDATION

Archives

Meta

SysAntivirus Adware Removal Instructions

Security Master AV Adware Removal Instructions

Win Antispyware Center Adware Removal Instructions

XJR Antivirus Adware Removal Instructions

ByteDefender Adware Removal Instructions