Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Involuntary Shutdown [Solved]

Started by Triskelion , Aug 06 2012 05:31 PM

  • This topic is locked This topic is locked

#1
Triskelion
Posted 06 August 2012 - 05:31 PM

Triskelion

    Member

  • Member
  • PipPipPip
  • 663 posts
My friend's computer is getting the "System will shut down in 60 seconds" message when he boots up.
If I boot in safemode then I can keep it open long enough to compete an OTL scan.

Here is the OTL log;

OTL logfile created on: 2012-08-06 5:20:45 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\rhan125205\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1.97 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 79.17% Memory free
3.82 Gb Paging File | 3.66 Gb Available in Paging File | 95.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.66 Gb Total Space | 4.34 Gb Free Space | 4.03% Space Free | Partition Type: NTFS
Drive D: | 223.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 4.12 Gb Total Space | 0.72 Gb Free Space | 17.45% Space Free | Partition Type: FAT32
Drive F: | 238.50 Mb Total Space | 237.86 Mb Free Space | 99.73% Space Free | Partition Type: FAT

Computer Name: A101062 | User Name: rhan125205 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-06 16:22:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rhan125205\Desktop\OTL.exe
PRC - [2011-02-04 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008-04-13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-27 12:53:31 | 000,056,320 | -H-- | M] () -- C:\WINDOWS\system32\krnlstat.dll
MOD - [2012-05-20 08:58:34 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\LMIC.tmp\LMI_Rescue_srv.exe -- (LMIRescue_77e8d014-e780-4195-af98-cc8585ca6a01)
SRV - [2012-06-14 19:57:57 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011-12-06 17:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011-12-06 17:21:24 | 000,160,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011-12-06 17:21:08 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011-10-18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011-02-04 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011-02-04 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2011-01-28 12:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2010-09-19 06:02:14 | 000,023,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe -- (CrmSqlStartupSvc)
SRV - [2010-01-07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010-01-07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010-01-07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009-09-22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008-04-13 18:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\hamachi.dll -- (PCDRSRVC)
SRV - [2007-10-18 12:51:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2007-04-10 11:10:20 | 001,489,688 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2007-04-10 11:10:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2007-04-10 11:10:06 | 000,121,624 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2007-03-17 04:05:06 | 000,529,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007-02-25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006-11-13 00:11:00 | 000,136,736 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2006-10-04 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005-12-14 11:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005-01-17 02:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004-11-01 11:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-10-15 12:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011-10-15 12:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011-10-15 12:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011-10-15 12:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011-10-15 12:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011-10-15 12:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011-10-15 12:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011-10-15 12:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011-10-15 12:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011-04-11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2011-02-04 20:07:00 | 000,065,960 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008-10-16 08:43:01 | 000,138,496 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2008-05-30 10:46:52 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2007-09-04 01:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2007-04-06 07:27:36 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2007-03-26 13:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007-03-22 14:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2007-03-12 05:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-02-24 16:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007-02-22 16:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007-02-21 10:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-02-19 13:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007-02-15 17:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2007-01-24 00:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006-12-12 11:34:22 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006-11-28 01:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-11-02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006-10-23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006-09-19 06:28:00 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006-05-05 17:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Stopped] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006-05-05 16:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006-05-05 16:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2004-08-03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004-06-16 10:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004-05-08 06:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004-03-05 12:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2003-11-17 18:06:48 | 000,011,165 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AWLEGACY.sys -- (awlegacy)
DRV - [2003-10-23 09:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003-07-23 03:44:18 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\MLPTDR_Q.SYS -- (MLPTDR_Q)
DRV - [2003-04-21 12:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2003-01-29 00:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002-01-24 13:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 08 BB C0 72 87 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNTN_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-03-25 13:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012-03-23 17:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2012-03-23 17:24:14 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {74B92A3B-E4FB-40F4-83E4-1B8D7C9F64B0} - C:\WINDOWS\system32\fastsrch.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Afaria Client Event Monitor] C:\Program Files\afaria\Bin\XCMonitor.exe File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [CB6.exe] C:\Program Files\Internet Explorer\A1A4\CB6.exe File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Map GRPS] C:\WINDOWS\System32\net.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSCRM] c:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [sadtxy] C:\Documents and Settings\rhan125205\Local Settings\Temp\sadtxy.dll ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [uigcnc] C:\Documents and Settings\rhan125205\Local Settings\Temp\uigcnc.dll (DT Soft Ltd)
O4 - HKLM..\Run: [upshet] C:\Documents and Settings\NetworkService\Application Data\upshet.dll (DT Soft Ltd)
O4 - HKLM..\Run: [wlwmst] C:\WINDOWS\TEMP\wlwmst.dll (DT Soft Ltd.)
O4 - HKLM..\Run: [WMEncSourcePluginWrapper] C:\Documents and Settings\NetworkService\Local Settings\Application Data\WMEncSourcePluginWrapper\WMEncSourcePluginWrapper.exe (tttt Corporation)
O4 - HKLM..\Run: [WMTFormatConversion] C:\Program Files\Common Files\WMT\WMTFormatConversion.exe (tttt Corporation)
O4 - HKCU..\Run: [271946150] C:\Documents and Settings\rhan125205\Local Settings\Application Data\sbt.exe File not found
O4 - HKCU..\Run: [DSF-DFS Updates Installation] C:\Nodesys\MAJ\ExemajLauncher.exe (DSF)
O4 - HKCU..\Run: [Inspector] C:\Documents and Settings\rhan125205\Application Data\Protector-xcvg.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://www.avdlext.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1285687280921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1285687272828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomee...ets/g2mdlax.cab (GoToMeeting Web Starter)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7C43BD0-3005-4259-8402-3607F658C774}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\elo {00EC3410-15A6-11D2-A1EF-00A0249C4CB1} - C:\Program Files\Eloquent\440\System\EloProtDLL.dll ()
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\rhan125205\Application Data\42DA7\07EA1.exe) - File not found
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\xromnop: DllName - (C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\rhan125205\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rhan125205\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\_avp32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpcc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~1.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\a.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aAvgApi.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AAWTray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\About.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ackwin32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\adaware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\advxdwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AdwarePrj.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentsvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alertsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alevir.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alogserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\amon9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\anti-trojan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirus.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ants.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apimonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aplica32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apvxdwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\arr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashAvast.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashBug.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashChest.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashCnsnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashLogV.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashMaiSv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashPopWz.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashQuick.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimp2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimpl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPcc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPck.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashWebSv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswChLic.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRegSvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRunDll.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atcon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atro55en.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atupdater.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\au.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autodown.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autotrace.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autoupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\av360.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastUI.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVCare.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avciman.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ave32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVENGINE.EXE: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgchk.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgdumpx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgemc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgiproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnsx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgrsx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgscanx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv9.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgsrmax.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgtray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkpop.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkservice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkwctl9.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avltmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmailc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmcdlg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpcc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpdos32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avptc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsched32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avshadow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsynmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avupgsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwinnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwsc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupsrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitornt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxquar.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\b.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\backweb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bargains.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bd_professional.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvcl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvwiz.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdmcon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDMsnScan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDSurvey.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\beagle.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\belt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidef.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidserver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bisp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blink.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blss.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootconf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootwarn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\borg2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brasil.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brastk.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bs120.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bspatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundle.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bvt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\c.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cavscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccevtmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccpxysvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cdp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfgwiz.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiadmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiaudit.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpconfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfplogvw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95cf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\clean.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner3.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanIELow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanpc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\click.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmesys.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmgrdian.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmon016.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\connectionmonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\control: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpf9x206.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpfnt206.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\crashrep.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\csc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssconfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssupdat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssurf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwnb181.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwntdwmo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\d.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\datemanager.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dcomx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defalert.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defscangui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deloeminfs.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deputy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\divx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllcache.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllreg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\doors.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dop.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpfsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpps2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\driverctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwatson.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drweb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dssagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95_0.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ecengine.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\efpeadm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\emsw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\esafe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanhnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanv95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\espwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ethereal.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\etrustcipe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\evpn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exe.avxw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\expert.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\explore.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fact.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-agnt95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fameh32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fast.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fch32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fih32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\findviru.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\firewall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixcfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixfp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fnrb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fprot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win_trial.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frmwrk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsaa.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsm32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsma32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsmb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-stopw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gator.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbmenu.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbn976rl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbpoll.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\generics.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gmt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guarddog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hacktracersetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbinst.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbsrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\History.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\homeav2010.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotactio.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotpatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htlog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htpatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hwpe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxdl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxiul.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamstats.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmasn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmavsp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icload95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icloadnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsupp95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsuppnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Identity.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\idle.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedll.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedriver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\IEShow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iface.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ifw2000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\inetlnfo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infus.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init32.exe : Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[1].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[2].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[3].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[4].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[5].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intdel.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intren.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iomon98.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\istsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jammer.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jdbgmrg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jedi.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\JsRcGen.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavlite40eng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpers40eng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kazza.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\keenvalue.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldnetmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpromenu.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\licmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lnetinfo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\loader.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\localnet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown2000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lookout.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lordpe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luau.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lucomserver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luinit.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luspt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mapisvc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcnasvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshell.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshield.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcsysmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mctool.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsrte.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsshld.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\md.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfin32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfw2en.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrte.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mghtml.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\minilog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mmod.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\monitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\moolive.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mostat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfservice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MPFSrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpftray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrflux.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msa.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msbb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msblast.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscache.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msccn32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscman.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdos.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msiexec16.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mslaugh.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmgt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmsgri32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssmmc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssys.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msvxd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mu0311ad.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\n32scanw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapw32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navdx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navlu32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navstub.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navw32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navwnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nc2000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ncinst4.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ndd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neomonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neowatchlog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netarmor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netinfo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netscanpro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netutils.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisum.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\normist.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\notstart.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfmessenger.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprotect.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npscheck.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npssvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsched32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nssys32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nstask32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntrtscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntvdm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntxconfig.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nupgrade.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvarch16.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvc95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvsvc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwinst4.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwservice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwtool16.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAcat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAhlp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAReg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oasrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaview.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ODSW.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ollydbg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\onsrvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\optimize.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ostronet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\otfix.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostproinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ozn695m5.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\padmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\panixk.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\patch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavcl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PavFnSvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavprsrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsched.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsrv51.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pccwin98.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcfwallicon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcip10117_0.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsAuxs.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsGui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsTray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdfndr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PerAvir.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\periscope.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\persfw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\perswf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pf2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pfwadmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pgmonitr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pingscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\platin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pop3trap.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\poproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\popscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portdetective.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portmonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\powerscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppinupdt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pptbc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppvstop.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prizesurfer.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procdump.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\processmonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\programauditor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\proport.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protector.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANCU.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANHost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANToManager.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsCtrls.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsImSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PskSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pspf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSUNMain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\purge.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qconsole.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qh.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qserver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Quick Heal.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rapapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav8win32eng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rcsync.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\realmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\reged.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedt32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rrguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rscdwld.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rshell.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscn95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rulaunch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\safeweb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sahagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Save.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveArmor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveDefense.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveKeep.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\savenow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sbserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scam32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scanpm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scrscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Secure Veteran.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\secureveteran.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Security Center.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SecurityFighter.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\securitysoldier.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\serv95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setloadorder.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setup_flowprotector_us.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setupvameeval.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sgssfw32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sh.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shellspyinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shield.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\showbehind.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\signcheck.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smart.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smartprotector.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smrtdefp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sms.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smss32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\snetcfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\soap.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sofi.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SoftSafeness.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sperm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sphinx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoler.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolcv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolsv32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spywarexpguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spyxx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srexe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ss3edit.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssg_4104.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssgrate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\st2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\start.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\stcloader.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supftrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\support.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supporter5.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchostc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchosts.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svshost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweep95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symlcsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symproxysvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symtray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sysupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tapinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\taumon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tca.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tcm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-98.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-nt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds-3.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\teekids.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak5.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tgbob.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titanin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titaninxp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TPSrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trickler.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trojantrap3.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TrustWarrior.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsadbot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvmd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvtmd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\undoboot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\updat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\upgrad.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\utpost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcmserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcons.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbust.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwin9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwinntw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vcsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vettray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vfsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vir-help.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\virusmdpersonalfirewall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthAux.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthLic.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthUpd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnlan300.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnpc3000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc42.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpfw30s.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vptray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscan40.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscenu6.02d30.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsched.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsecomr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vshwin32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsisetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsstat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswin9xe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinntse.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinperse.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w32dsm89.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\W3asbas.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\watchdog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webdav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\WebProxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webscanx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webtrap.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wfindv32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\whoswatchingme.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wimmun32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32us.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winactive.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win-bugsfix.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windll32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\window.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows Police Pro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininetd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininitx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winlogin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winppr32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winrecon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winservn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winssk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart001.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wintsk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wkufind.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnad.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wradmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wrctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsbgate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxas.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxfw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsctool.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdater.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xp_antispyware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpdeluxe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpf202en.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapsetup3001.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zatutor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonalm2601.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-04-22 14:17:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-02-11 14:23:16 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\Shell\AutoRun\command - "" = F:\Foresight.exe
O33 - MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\Shell\AutoRun\command - "" = F:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dianrsm - (C:\WINDOWS\system32\krnlstat.dll) - C:\WINDOWS\system32\krnlstat.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-06 16:57:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rhan125205\Desktop\OTL.exe
[2012-08-06 16:24:43 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\rhan125205\My Documents\My Safe
[2012-06-02 08:40:39 | 000,131,584 | -HS- | C] (DT Soft Ltd) -- C:\Documents and Settings\NetworkService\Application Data\upshet.dll
[64 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-06 17:12:24 | 000,573,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-08-06 17:12:24 | 000,114,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-08-06 17:08:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-08-06 17:08:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-06 17:06:17 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-08-06 17:03:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B04F67C6-07AC-4498-B692-D587CE7560AA}.job
[2012-08-06 17:00:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-06 17:00:30 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012-08-06 17:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012-08-06 16:25:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-06 16:22:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rhan125205\Desktop\OTL.exe
[2012-07-23 20:00:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012-07-23 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[64 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-17 12:10:13 | 000,438,272 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\hwgqca.exe
[2012-06-15 20:01:00 | 000,303,616 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pcusxg.exe
[2012-05-27 20:41:37 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\A101062.cfg
[2012-05-27 19:16:11 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\pndxxi.exe
[2012-05-27 12:53:31 | 000,056,320 | -H-- | C] () -- C:\WINDOWS\System32\krnlstat.dll
[2012-05-27 12:53:09 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\mmrdfdqrw.exe
[2012-05-27 12:51:23 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll
[2012-05-21 13:17:10 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L\80000032.@
[2012-05-21 13:07:12 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\00000008.@
[2012-05-21 13:07:10 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\80000032.@
[2012-05-21 13:07:10 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L\00000004.@
[2012-05-21 13:07:00 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\80000000.@
[2012-05-21 13:06:58 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\00000004.@
[2012-05-21 13:06:58 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\000000cb.@
[2012-05-20 08:58:34 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll
[2012-05-02 18:37:34 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe
[2012-03-22 18:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Application Data\result.db
[2012-03-22 18:08:25 | 001,824,768 | ---- | C] () -- C:\Documents and Settings\rhan125205\Application Data\Protector-xcvg.exe
[2011-09-04 11:15:07 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\hk4rmndv2048bm77p2u14bmahl7um167t57115w881ij
[2011-09-04 11:15:07 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hk4rmndv2048bm77p2u14bmahl7um167t57115w881ij
[2011-09-04 11:15:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\qlea.exe
[2011-09-04 11:15:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fafx.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vgqk.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\uagu.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\rjry.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pdii.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\otwk.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\lewg.exe
[2011-08-19 22:06:57 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\rhan125205\.pr_stat_data
[2011-08-19 21:59:21 | 000,000,032 | ---- | C] () -- C:\WINDOWS\FDPV.INI
[2011-08-19 21:59:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\FDPV_AD.INI
[2011-03-31 06:49:01 | 000,347,109 | ---- | C] () -- C:\WINDOWS\uninstall Washing2.exe
[2011-03-31 06:37:05 | 000,347,109 | ---- | C] () -- C:\WINDOWS\uninstall Washing1.exe
[2011-03-31 06:35:13 | 000,347,109 | ---- | C] () -- C:\WINDOWS\uninstall Washingt.exe
[2011-02-25 13:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iireport49.INI
[2011-02-25 13:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iireport45.INI
[2011-02-25 12:57:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IIREPO~4.INI
[2010-09-17 10:47:23 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\fusioncache.dat
[2010-04-16 08:01:02 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\keyfile3.drm
[2010-04-07 14:41:03 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008-11-27 14:15:58 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-10 08:46:16 | 000,149,504 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008-05-30 09:38:11 | 000,000,620 | RHS- | C] () -- C:\Documents and Settings\rhan125205\ntuser.pol
[2008-01-24 13:27:28 | 000,002,134 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2007-04-22 13:43:56 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\@

========== LOP Check ==========

[2012-05-27 12:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D55F3E000435DB0002FB71D151FC4E
[2008-01-25 13:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2008-12-26 14:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009-06-04 15:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2010-04-16 12:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewspaperDirect
[2011-11-16 16:31:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012-03-22 18:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\42DA7
[2009-09-10 08:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008-01-25 13:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\Infineon
[2010-05-22 07:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\InterVideo
[2010-04-16 12:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\NewspaperDirect
[2010-09-29 06:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\PriceGong
[2008-01-24 14:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\Protector Suite
[2007-04-22 15:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\toshiba
[2011-11-16 16:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\Uniblue
[2010-03-30 10:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\webex
[2010-09-28 10:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\Windows Desktop Search
[2010-11-30 21:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rhan125205\Application Data\Windows Search
[2012-06-02 03:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\Afaria.job
[2012-06-02 00:45:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012-07-01 09:00:44 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012-06-24 10:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012-06-24 11:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012-06-24 12:00:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012-06-02 13:01:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012-07-07 14:02:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012-06-23 15:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012-07-02 16:01:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012-08-06 17:00:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012-07-02 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012-06-02 01:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012-07-02 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012-07-23 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012-06-22 21:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012-06-01 22:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012-06-01 23:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012-06-02 00:12:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012-06-02 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012-06-02 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012-06-02 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012-06-02 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012-06-02 02:01:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012-06-02 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012-06-02 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012-06-02 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012-07-01 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012-07-01 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012-06-24 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012-06-24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012-06-24 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012-06-02 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012-07-07 14:00:20 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012-06-02 03:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012-06-23 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012-07-02 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012-08-06 17:00:30 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012-07-02 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012-07-02 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012-07-23 20:00:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012-06-22 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012-06-01 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012-06-01 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012-06-02 04:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012-06-02 05:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012-06-02 06:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012-06-02 07:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012-07-01 08:01:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011-04-02 11:43:04 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\Security Platform Backup Schedule.job
[2012-08-06 17:03:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B04F67C6-07AC-4498-B692-D587CE7560AA}.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB40006$] -> -> Unknown point type

< End of report >

Here is the Extras Log;

OTL Extras logfile created on: 2012-08-06 5:20:45 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\rhan125205\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1.97 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 79.17% Memory free
3.82 Gb Paging File | 3.66 Gb Available in Paging File | 95.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.66 Gb Total Space | 4.34 Gb Free Space | 4.03% Space Free | Partition Type: NTFS
Drive D: | 223.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 4.12 Gb Total Space | 0.72 Gb Free Space | 17.45% Space Free | Partition Type: FAT32
Drive F: | 238.50 Mb Total Space | 237.86 Mb Free Space | 99.73% Space Free | Partition Type: FAT

Computer Name: A101062 | User Name: rhan125205 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\afaria\Bin\XcListener.exe" = C:\Program Files\afaria\Bin\XcListener.exe:*:Enabled:Afaria Client Listener
"C:\WINDOWS\LMI3.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI3.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe" = C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe:*:Enabled:eBook Library -- (Sony Corporation)
"C:\WINDOWS\LMI17.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI17.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI18.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI18.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI1F.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1F.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI1.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe" = C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster -- (Microsoft Corporation)
"C:\WINDOWS\LMI10.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI10.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI1E.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1E.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI9.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI9.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI35.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI35.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMIA.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIA.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI108.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI108.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI171.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI171.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMIB.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIB.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI11C.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI11C.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI85.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI85.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI58.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI58.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI126.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI126.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI89.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI89.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI2A.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI2A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI3B.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI3B.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host -- (Symantec Corporation)
"C:\WINDOWS\LMI115.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI115.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI3E.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI3E.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI5A.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI5A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
"C:\WINDOWS\LMI45.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI45.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI2E.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI2E.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI44.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI44.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI19.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI19.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Documents and Settings\rhan125205\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\rhan125205\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
"C:\Desjardins\Accueil\accueil.exe" = C:\Desjardins\Accueil\accueil.exe:*:Enabled:Desjardins Fusion -- (Desjardins Sécurité financière)
"C:\Desjardins\RENTE\MAX.exe" = C:\Desjardins\RENTE\MAX.exe:*:Enabled:Desjardins Rente/Annuity -- (AVDL)
"C:\Documents and Settings\rhan125205\Local Settings\Temp\LMIR0004.tmp\lmi_rescue.exe" = C:\Documents and Settings\rhan125205\Local Settings\Temp\LMIR0004.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Documents and Settings\rhan125205\Local Settings\Temp\LMIR0005.tmp\lmi_rescue.exe" = C:\Documents and Settings\rhan125205\Local Settings\Temp\LMIR0005.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
"C:\WINDOWS\TEMP\eofhqs\setup.exe" = C:\WINDOWS\TEMP\eofhqs\setup.exe:*:Enabled:setup -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01A1F818-FB64-4DBE-BB03-C3DCDBA19368}" = Lotus Notes 6.5.5
"{0867AFE1-3469-11D7-8193-0010B5BCE08C}" = ABF / FNA
"{08B31070-171E-11D6-BECF-000629F77048}" = MenuFusion
"{09064D50-FF4A-407C-9B13-15B9D231EBA2}" = RegimeRetraiteIndividuel
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AE17B00-31FA-11D6-BED9-000629F77048}" = Avantage d'Or / Golden Edge
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{10895847-3460-11D7-8193-0010B5BCE08C}" = Zone retraite / Retirement zone
"{115E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{140E70E0-0846-11D3-8189-000629690678}" = Data Refresh Insurance and Funds (Part A - Vb6) - DO NOT REMOVE
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8077B0-587A-4C78-9A12-A022E1519B4D}" = RepartitionActif
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{24FC0EEC-A7AD-4B12-B7A5-F99E2B4C4E1C}" = JBIG Image Viewer Plug-In
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (CRM)
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB028EF-5512-45F0-870A-CF98FCB6C271}" = DSF Client pour Outlook
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC23178-EEBC-4BAF-8CC0-AB15C8897AC9}" = Log Parser 2.2
"{4F937EE8-09DA-40D7-BDE2-1AC842160809}" = Lanceur d'installsheild
"{539D63C6-4EF4-4B9E-9926-85053F119171}" = Microsoft Dynamics CRM 4.0 for Microsoft Office Outlook
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E994A95-9388-4D10-8E68-54B8CBF894D3}" = Microsoft Application Error Reporting
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{698C92A9-66A7-11D6-8178-0010B5BCE08C}" = Presentations
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B705ED7-A86B-4895-9955-BA80E0B3F40B}" = Calculatrice Financière / Invest
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CC826E7-4848-4CB2-A3F6-A24356CAB464}" = PRS-505 User's Guide
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2335A5E-CC61-466B-A208-D8314001D997}" = Infineon TPM Professional Package
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52FD2D4-9AB2-43B1-8DC7-49A26724F3AF}" = Manulife - Concepts
"{A5B48A19-F319-6BFB-82DE-A18ED1087221}" = Acrobat.com
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C239BCD7-882A-478F-A5CF-DDEB074A4291}" = eBook Library by Sony
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DA9294A5-0A4E-11D9-81F5-00B0D075DF5C}" = DVXP
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DE723887-712F-499D-8B82-5A1EC8F46062}" = SetupCrystalReports
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE1B0626-2CF2-11D6-BBD6-005004CD1EA0}" = Visual Basic system files
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CAIFA Resource Library 1.0" = CAIFA Resource Library 1.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EloquentPresenter4440" = Eloquent Presenter! v4.4.0.151
"GLGI CRA Responder 2009" = GLGI CRA Responder 2009
"HECI" = Intel® Management Engine Interface
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{9DA03FFD-4592-4C64-BAB6-5104567B737D}" = Zoom Installation Package
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KONICA MINOLTA PagePro 1350W" = KONICA MINOLTA PagePro 1350W
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"MESOL" = Intel® Active Management Technology Device Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"ProInst" = Intel® PROSet/Wireless Software
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME" = Uninstall for TOSHIBA Mobile Extension3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Washington, DC #1" = Washington, DC #1
"Washington, DC #2" = Washington, DC #2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-08-06 6:48:26 PM | Computer Name = A101062 | Source = nview_info | ID = 11141121
Description =

Error - 2012-08-06 6:51:42 PM | Computer Name = A101062 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 5. The machine must now be restarted.

Error - 2012-08-06 6:53:55 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 2012-08-06 6:54:00 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 2012-08-06 6:57:55 PM | Computer Name = A101062 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 5. The machine must now be restarted.

Error - 2012-08-06 6:59:52 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 2012-08-06 7:02:28 PM | Computer Name = A101062 | Source = nview_info | ID = 11141121
Description =

Error - 2012-08-06 7:04:07 PM | Computer Name = A101062 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 5. The machine must now be restarted.

Error - 2012-08-06 7:06:21 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 2012-08-06 7:06:26 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

[ System Events ]
Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The McAfee Validation Trust Protection Service service depends on
the McAfee Inc. mfehidk service which failed to start because of the following error:
%%31

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The McAfee McShield service depends on the McAfee Validation Trust
Protection Service service which failed to start because of the following error:
%%1068

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The McAfee Firewall Core Service service depends on the McAfee Validation
Trust Protection Service service which failed to start because of the following
error: %%1068

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The McAfee Anti-Spam Service service depends on the McAfee Firewall
Core Service service which failed to start because of the following error: %%1068

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The McAfee Personal Firewall Service service depends on the McAfee
Firewall Core Service service which failed to start because of the following error:
%%1068

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The McAfee Network Agent service depends on the McAfee Firewall Core
Service service which failed to start because of the following error: %%1068

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7001
Description = The McAfee Proxy Service service depends on the McAfee Firewall Core
Service service which failed to start because of the following error: %%1068

Error - 2012-08-06 7:09:43 PM | Computer Name = A101062 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD awlegacy AW_HOST Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TMEI3E

Error - 2012-08-06 7:27:53 PM | Computer Name = A101062 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

[ WebConfigManagerLo Events ]
Error - 2012-08-06 6:48:26 PM | Computer Name = A101062 | Source = nview_info | ID = 11141121
Description =

Error - 2012-08-06 6:51:42 PM | Computer Name = A101062 | Source = Winlogon | ID = 1015
Description =

Error - 2012-08-06 6:53:55 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description =

Error - 2012-08-06 6:54:00 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description =

Error - 2012-08-06 6:57:55 PM | Computer Name = A101062 | Source = Winlogon | ID = 1015
Description =

Error - 2012-08-06 6:59:52 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description =

Error - 2012-08-06 7:02:28 PM | Computer Name = A101062 | Source = nview_info | ID = 11141121
Description =

Error - 2012-08-06 7:04:07 PM | Computer Name = A101062 | Source = Winlogon | ID = 1015
Description =

Error - 2012-08-06 7:06:21 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description =

Error - 2012-08-06 7:06:26 PM | Computer Name = A101062 | Source = Intel® AMT | ID = 2002
Description =


< End of report >
  • 0

Advertisements

#2
CompCav
Posted 08 August 2012 - 03:11 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, Triskelion! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.


If you cannot access the internet on the infected machine in safe mode with networking, please do this step. If you can access the internet then go on to step 2.

Panda Vaccine




  • Please download Panda USB Vaccine (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run the program.

  • Double-click on the file USBVaccine.zip located on your desktop.
  • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
  • Follow the steps on screen to install the program on your computer.

  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Now download the following tools to the USB flash drive:

RogueKiller

aswMBR

Combofix


You will need to insert the USB drive in the infected computer and copy the tool to the desktop instead of download as instructed in the next steps.


Step 2.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 3.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {74B92A3B-E4FB-40F4-83E4-1B8D7C9F64B0} - C:\WINDOWS\system32\fastsrch.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [CB6.exe] C:\Program Files\Internet Explorer\A1A4\CB6.exe File not found
O4 - HKLM..\Run: [uigcnc] C:\Documents and Settings\rhan125205\Local Settings\Temp\uigcnc.dll (DT Soft Ltd)
O4 - HKLM..\Run: [upshet] C:\Documents and Settings\NetworkService\Application Data\upshet.dll (DT Soft Ltd)
O4 - HKLM..\Run: [wlwmst] C:\WINDOWS\TEMP\wlwmst.dll (DT Soft Ltd.)
O4 - HKCU..\Run: [271946150] C:\Documents and Settings\rhan125205\Local Settings\Application Data\sbt.exe File not found
O4 - HKCU..\Run: [DSF-DFS Updates Installation] C:\Nodesys\MAJ\ExemajLauncher.exe (DSF)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\rhan125205\Application Data\42DA7\07EA1.exe) - File not found
O20 - Winlogon\Notify\xromnop: DllName - (C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll ()
O27 - HKLM IFEO\_avp32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpcc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~1.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\a.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aAvgApi.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AAWTray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\About.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ackwin32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\adaware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\advxdwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AdwarePrj.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentsvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alertsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alevir.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alogserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\amon9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\anti-trojan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirus.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ants.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apimonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aplica32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apvxdwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\arr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashAvast.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashBug.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashChest.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashCnsnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashLogV.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashMaiSv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashPopWz.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashQuick.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimp2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimpl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPcc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPck.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashWebSv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswChLic.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRegSvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRunDll.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atcon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atro55en.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atupdater.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\au.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autodown.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autotrace.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autoupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\av360.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastUI.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVCare.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avciman.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ave32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVENGINE.EXE: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgchk.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgdumpx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgemc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgiproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnsx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgrsx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgscanx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv9.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgsrmax.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgtray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkpop.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkservice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkwctl9.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avltmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmailc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmcdlg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpcc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpdos32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avptc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsched32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avshadow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsynmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avupgsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwinnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwsc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupsrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitornt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxquar.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\b.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\backweb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bargains.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bd_professional.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvcl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvwiz.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdmcon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDMsnScan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDSurvey.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\beagle.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\belt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidef.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidserver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bisp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blink.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blss.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootconf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootwarn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\borg2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brasil.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brastk.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bs120.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bspatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundle.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bvt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\c.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cavscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccevtmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccpxysvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cdp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfgwiz.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiadmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiaudit.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpconfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfplogvw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95cf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\clean.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner3.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanIELow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanpc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\click.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmesys.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmgrdian.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmon016.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\connectionmonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\control: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpf9x206.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpfnt206.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\crashrep.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\csc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssconfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssupdat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssurf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwnb181.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwntdwmo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\d.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\datemanager.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dcomx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defalert.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defscangui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deloeminfs.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deputy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\divx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllcache.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllreg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\doors.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dop.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpfsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpps2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\driverctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwatson.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drweb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dssagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95_0.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ecengine.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\efpeadm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\emsw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\esafe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanhnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanv95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\espwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ethereal.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\etrustcipe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\evpn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exe.avxw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\expert.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\explore.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fact.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-agnt95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fameh32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fast.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fch32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fih32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\findviru.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\firewall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixcfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixfp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fnrb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fprot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win_trial.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frmwrk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsaa.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsm32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsma32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsmb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-stopw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gator.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbmenu.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbn976rl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbpoll.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\generics.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gmt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guarddog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hacktracersetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbinst.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbsrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\History.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\homeav2010.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotactio.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotpatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htlog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htpatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hwpe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxdl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxiul.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamstats.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmasn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmavsp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icload95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icloadnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsupp95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsuppnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Identity.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\idle.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedll.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedriver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\IEShow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iface.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ifw2000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\inetlnfo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infus.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init32.exe : Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[1].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[2].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[3].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[4].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[5].exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intdel.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intren.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iomon98.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\istsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jammer.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jdbgmrg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jedi.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\JsRcGen.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavlite40eng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpers40eng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kazza.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\keenvalue.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldnetmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpromenu.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\licmgr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lnetinfo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\loader.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\localnet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown2000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lookout.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lordpe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luau.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lucomserver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luinit.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luspt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mapisvc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcnasvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshell.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshield.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcsysmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mctool.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsrte.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsshld.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\md.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfin32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfw2en.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrte.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mghtml.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\minilog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mmod.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\monitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\moolive.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mostat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfservice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MPFSrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpftray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrflux.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msa.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msbb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msblast.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscache.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msccn32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscman.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdos.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msiexec16.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mslaugh.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmgt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmsgri32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssmmc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssys.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msvxd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mu0311ad.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mwatch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\n32scanw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapw32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navdx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navlu32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navstub.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navw32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navwnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nc2000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ncinst4.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ndd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neomonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neowatchlog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netarmor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netd32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netinfo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netscanpro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netutils.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisum.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\normist.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\notstart.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfmessenger.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprotect.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npscheck.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npssvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsched32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nssys32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nstask32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntrtscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntvdm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntxconfig.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nupgrade.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvarch16.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvc95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvsvc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwinst4.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwservice.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwtool16.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAcat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAhlp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAReg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oasrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaview.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ODSW.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ollydbg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\onsrvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\optimize.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ostronet.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\otfix.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostproinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ozn695m5.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\padmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\panixk.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\patch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavcl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PavFnSvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavprsrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsched.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsrv51.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pccwin98.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcfwallicon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcip10117_0.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsAuxs.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsGui.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsTray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdfndr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PerAvir.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\periscope.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\persfw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\perswf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pf2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pfwadmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pgmonitr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pingscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\platin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pop3trap.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\poproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\popscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portdetective.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portmonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\powerscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppinupdt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pptbc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppvstop.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prizesurfer.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmvr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procdump.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\processmonitor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\programauditor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\proport.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protector.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANCU.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANHost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANToManager.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsCtrls.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsImSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PskSvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pspf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSUNMain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\purge.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qconsole.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qh.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qserver.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Quick Heal.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rapapp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7win.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav8win32eng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rb32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rcsync.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\realmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\reged.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedt32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rrguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rscdwld.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rshell.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscn95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rulaunch.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\safeweb.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sahagent.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Save.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveArmor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveDefense.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveKeep.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\savenow.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sbserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scam32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scanpm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scrscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Secure Veteran.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\secureveteran.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Security Center.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SecurityFighter.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\securitysoldier.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\serv95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setloadorder.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setup_flowprotector_us.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setupvameeval.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sgssfw32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sh.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shellspyinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shield.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\showbehind.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\signcheck.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smart.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smartprotector.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smrtdefp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sms.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smss32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\snetcfg.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\soap.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sofi.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SoftSafeness.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sperm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spf.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sphinx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoler.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolcv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolsv32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spywarexpguard.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spyxx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srexe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srng.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ss3edit.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssg_4104.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssgrate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\st2.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\start.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\stcloader.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supftrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\support.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supporter5.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchostc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchosts.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svshost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweep95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symlcsvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symproxysvc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symtray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sysupd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tapinstall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\taumon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tca.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tcm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-98.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-nt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds-3.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\teekids.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak5.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tgbob.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titanin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titaninxp.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TPSrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trickler.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trojantrap3.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TrustWarrior.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsadbot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsc.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvmd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvtmd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\undoboot.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\updat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\upgrad.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\utpost.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcmserv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcons.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbust.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwin9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwinntw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vcsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet95.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vettray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vfsetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vir-help.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\virusmdpersonalfirewall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthAux.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthLic.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthUpd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnlan300.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnpc3000.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc42.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpfw30s.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vptray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscan40.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscenu6.02d30.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsched.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsecomr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vshwin32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsisetup.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsstat.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswin9xe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinntse.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinperse.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w32dsm89.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\W3asbas.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w9x.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\watchdog.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webdav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\WebProxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webscanx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webtrap.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wfindv32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\whoswatchingme.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wimmun32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32us.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winactive.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win-bugsfix.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windll32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\window.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows Police Pro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininetd.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininitx.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winlogin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winmain.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winppr32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winrecon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winservn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winssk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart001.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wintsk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winupdate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wkufind.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnad.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wradmin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wrctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsbgate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxas.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxav.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxfw.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsctool.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdater.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xp_antispyware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpdeluxe.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpf202en.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapsetup3001.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zatutor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonalm2601.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O33 - MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\Shell\AutoRun\command - "" = F:\Foresight.exe
O33 - MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\Shell - "" = AutoRun
O33 - MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\Shell\AutoRun\command - "" = F:\laucher.exe
O36 - AppCertDlls: dianrsm - (C:\WINDOWS\system32\krnlstat.dll) - C:\WINDOWS\system32\krnlstat.dll ()
[2012-08-06 17:06:17 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-06-17 12:10:13 | 000,438,272 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\hwgqca.exe
[2012-06-15 20:01:00 | 000,303,616 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pcusxg.exe
[2012-05-27 20:41:37 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\A101062.cfg
[2012-05-27 19:16:11 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\pndxxi.exe
[2012-05-27 12:53:31 | 000,056,320 | -H-- | C] () -- C:\WINDOWS\System32\krnlstat.dll
[2012-05-27 12:53:09 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\mmrdfdqrw.exe
[2012-05-27 12:51:23 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll
[2012-05-20 08:58:34 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll
[2012-05-02 18:37:34 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe
[2012-03-22 18:08:25 | 001,824,768 | ---- | C] () -- C:\Documents and Settings\rhan125205\Application Data\Protector-xcvg.exe
[2011-09-04 11:15:07 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\hk4rmndv2048bm77p2u14bmahl7um167t57115w881ij
[2011-09-04 11:15:07 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hk4rmndv2048bm77p2u14bmahl7um167t57115w881ij
[2011-09-04 11:15:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\qlea.exe
[2011-09-04 11:15:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fafx.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vgqk.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\uagu.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\rjry.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pdii.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\otwk.exe
[2011-09-04 11:15:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rhan125205\Local Settings\Application Data\lewg.exe



:files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job
C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}



:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Try to reboot into normal mode, if you can go on with downloading and running ComboFix.

If you still cannot stay in normal mode run Combofix from there just make sure that when Combofix reboots that you are there to put the computer back in safe mode for it to finish after it reboots.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If you cannot connect to the internet or have other issues after ComboFix completes, simply reboot the computer.


Step 4.

Please post:

All RKreport.txt logs
OTL fix log
Combofix.txt


Also give me an update on the current issues with the computer.
  • 0

#3
Triskelion
Posted 08 August 2012 - 11:40 PM

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts
Thanks CompCav. Here's where we are at...

RKreport1:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: rhan125205 [Admin rights]
Mode: Scan -- Date: 08/08/2012 22:43:06

¤¤¤ Bad processes: 2 ¤¤¤
[ZeroAccess] n -- c:\windows\system32\n -> UNLOADED
[SVCHOST] svchost.exe -- C:\WINDOWS\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 830 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : 271946150 (C:\Documents and Settings\rhan125205\Local Settings\Application Data\sbt.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Inspector (C:\Documents and Settings\rhan125205\Application Data\Protector-xcvg.exe) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : uigcnc (rundll32.exe "C:\DOCUME~1\RHAN12~1\LOCALS~1\Temp\uigcnc.dll",CompileShader) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : sadtxy (rundll32.exe "C:\DOCUME~1\RHAN12~1\LOCALS~1\Temp\sadtxy.dll",CreateFontIndirectA) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : wlwmst (rundll32.exe "C:\WINDOWS\TEMP\wlwmst.dll",MessageBoxChecked) -> FOUND
[SUSP PATH] HKLM\[...]\Run : WMEncSourcePluginWrapper ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\WMEncSourcePluginWrapper\WMEncSourcePluginWrapper.exe" /y) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : upshet (rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\upshet.dll",SteamAPI_UnregisterCallback) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3563514748-568730901-2704639424-1014[...]\Run : 271946150 (C:\Documents and Settings\rhan125205\Local Settings\Application Data\sbt.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3563514748-568730901-2704639424-1014[...]\Run : Inspector (C:\Documents and Settings\rhan125205\Application Data\Protector-xcvg.exe) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : F4D55F3E000435DB0002FB71D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D55F3E000435DB0002FB71D151FC4E\F4D55F3E000435DB0002FB71D151FC4E.exe) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : pcusxg (C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\pcusxg.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\RunOnce : F4D55F3E000435DB0002FB71D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D55F3E000435DB0002FB71D151FC4E\F4D55F3E000435DB0002FB71D151FC4E.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\RunOnce : pcusxg (C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\pcusxg.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Documents and Settings\rhan125205\Application Data\42DA7\07EA1.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3563514748-568730901-2704639424-1014[...]\Winlogon : Shell (explorer.exe,C:\Documents and Settings\rhan125205\Application Data\42DA7\07EA1.exe) -> FOUND
[SUSP PATH] At16.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At15.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At14.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At13.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At12.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At11.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At10.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At1.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At25.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At24.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At23.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At22.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At21.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At20.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At2.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At19.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At18.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At17.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At34.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At33.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At32.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At31.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At30.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At3.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At29.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At28.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At27.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At26.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At43.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At41.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At40.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At4.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At39.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At38.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At37.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At36.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At35.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At8.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At7.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At6.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At5.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> FOUND
[SUSP PATH] At48.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At47.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At45.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : a.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : aAvgApi.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AAWTray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : About.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ackwin32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : Ad-Aware.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : adaware.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : advxdwin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AdwarePrj.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : agent.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : agentsvr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : agentw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : alertsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : alevir.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : alogserv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AlphaAV (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AlphaAV.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AluSchedulerSvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : amon9x.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : anti-trojan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : Anti-Virus Professional.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AntispywarXP2009.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : antivirus.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusPlus (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusPlus.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusPro_2010.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusXP (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusXP.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : antivirusxppro2009.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AntiVirus_Pro.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ants.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : apimonitor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : aplica32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : apvxdwin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : arr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashAvast.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashBug.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashChest.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashCnsnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashDisp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashLogV.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashMaiSv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashPopWz.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashQuick.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashServ.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashSimp2.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashSimpl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashSkPcc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashSkPck.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashUpd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ashWebSv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : aswChLic.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : aswRegSvr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : aswRunDll.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : aswUpdSv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : atcon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : atguard.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : atro55en.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : atupdater.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : atwatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : au.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : aupdate.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : auto-protect.nav80try.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : autodown.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : autotrace.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : autoupdate.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : av360.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avadmin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avastSvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avastUI.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AVCare.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avcenter.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avciman.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avconfig.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avconsol.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ave32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AVENGINE.EXE (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgcc32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgchk.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgcmgr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgcsrvx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgctrl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgdumpx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgemc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgiproxy.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgnsx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgrsx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgscanx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgserv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgserv9.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgsrmax.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgtray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avguard.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgupd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avgwdsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avkpop.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avkserv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avkservice.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avkwctl9.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avltmain.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avmailc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avmcdlg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avnotify.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avp32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avpcc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avpdos32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avpm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avptc32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avpupd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avsched32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avshadow.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avsynmgr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avupgsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : AVWEBGRD.EXE (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avwin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avwin95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avwinnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avwsc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avwupd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avwupd32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avwupsrv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avxmonitor9x.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avxmonitornt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avxquar.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : b.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : backweb.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bargains.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bdfvcl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bdfvwiz.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : BDInProcPatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bdmcon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : BDMsnScan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : BDSurvey.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bd_professional.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : beagle.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : belt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bidef.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bidserver.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bipcp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bipcpevalsetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bisp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : blackd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : blackice.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : blink.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : blss.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bootconf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bootwarn.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : borg2.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bpc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : brasil.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : brastk.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : brw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bs120.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bspatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bundle.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : bvt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : c.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cavscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ccapp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ccevtmgr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ccpxysvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ccSvcHst.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cdp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfgwiz.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfiadmin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfiaudit.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfinet.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfinet32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfpconfg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfplogvw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cfpupdat.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : claw95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : claw95cf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : clean.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cleaner.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cleaner3.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cleanIELow.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cleanpc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : click.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cmd32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cmdagent.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cmesys.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cmgrdian.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cmon016.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : connectionmonitor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : control (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cpd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cpf9x206.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cpfnt206.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : crashrep.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : csc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cssconfg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cssupdat.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cssurf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ctrl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cwnb181.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : cwntdwmo.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : d.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : datemanager.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dcomx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : defalert.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : defscangui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : defwatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : deloeminfs.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : deputy.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : divx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dllcache.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dllreg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : doors.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dop.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dpf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dpfsetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dpps2.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : driverctrl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : drwatson.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : drweb32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : drwebupw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dssagent.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dvp95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : dvp95_0.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ecengine.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : efpeadm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : emsw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ent.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : esafe.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : escanhnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : escanv95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : espwatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ethereal.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : etrustcipe.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : evpn.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : exantivirus-cnet.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : exe.avxw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : expert.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : explore.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : f-agnt95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : f-prot.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : f-prot95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : f-stopw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fact.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fameh32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fast.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fch32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fih32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : findviru.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : firewall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fixcfg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fixfp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fnrb32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fp-win.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fp-win_trial.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fprot.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : frmwrk32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : frw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsaa.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsav.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsav32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsav530stbyb.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsav530wtbyb.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsav95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsgk32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsm32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsma32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fsmb32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : gator.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : gav.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : gbmenu.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : gbn976rl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : gbpoll.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : generics.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : gmt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : guard.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : guarddog.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : guardgui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hacktracersetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hbinst.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hbsrv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : History.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : homeav2010.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hotactio.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hotpatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : htlog.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : htpatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hwpe.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hxdl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : hxiul.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : iamapp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : iamserv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : iamstats.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ibmasn.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ibmavsp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : icload95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : icloadnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : icmon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : icsupp95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : icsuppnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : Identity.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : idle.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : iedll.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : iedriver.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : IEShow.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : iface.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ifw2000.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : inetlnfo.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : infus.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : infwin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : init.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : init32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : install[1].exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : install[2].exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : install[3].exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : install[4].exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : install[5].exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : intdel.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : intren.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : iomon98.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : istsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : jammer.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : jdbgmrg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : jedi.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : JsRcGen.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : kavlite40eng.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : kavpers40eng.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : kavpf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : kazza.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : keenvalue.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : kerio-pf-213-en-win.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : kerio-wrl-421-en-win.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : kerio-wrp-421-en-win.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : killprocesssetup161.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ldnetmon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ldpro.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ldpromenu.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ldscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : licmgr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : lnetinfo.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : loader.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : localnet.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : lockdown.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : lockdown2000.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : lookout.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : lordpe.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : lsetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : luall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : luau.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : lucomserver.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : luinit.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : luspt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : MalwareRemoval.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mapisvc32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcagent.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcmnhdlr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcmscsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcnasvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcproxy.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : McSACore.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcshell.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcshield.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcsysmon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mctool.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcupdate.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcvsrte.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mcvsshld.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : md.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mfin32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mfw2en.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mfweng3.02d30.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mgavrtcl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mgavrte.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mghtml.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mgui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : minilog.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mmod.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : monitor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : moolive.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mostat.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mpfagent.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mpfservice.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : MPFSrv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mpftray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mrflux.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mrt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msa.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msapp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : MSASCui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msbb.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msblast.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mscache.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msccn32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mscman.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msconfig (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msdm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msdos.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msiexec16.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mslaugh.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msmgt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msmsgri32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msseces.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mssmmc32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mssys.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : msvxd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mu0311ad.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : mwatch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : n32scanw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nav.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navap.navapsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navapsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navapw32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navdx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navlu32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navstub.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navw32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : navwnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nc2000.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ncinst4.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ndd32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : neomonitor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : neowatchlog.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : netarmor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : netd32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : netinfo.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : netmon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : netscanpro.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : netspyhunter-1.2.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : netutils.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nisserv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nisum.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nmain.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nod32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : normist.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : norton_internet_secu_3.0_407.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : notstart.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : npf40_tw_98_nt_me_2k.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : npfmessenger.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nprotect.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : npscheck.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : npssvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nsched32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nssys32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nstask32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nsupdate.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ntrtscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ntvdm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ntxconfig.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nupgrade.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nvarch16.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nvc95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nvsvc32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nwinst4.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nwservice.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : nwtool16.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : OAcat.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : OAhlp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : OAReg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : oasrv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : oaui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : oaview.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ODSW.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ollydbg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : onsrvr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : optimize.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ostronet.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : otfix.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : outpost.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : outpostinstall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : outpostproinstall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ozn695m5.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : padmin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : panixk.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : patch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pav.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pavcl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PavFnSvr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pavproxy.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pavprsrv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pavsched.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pavsrv51.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pavw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pccwin98.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pcfwallicon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pcip10117_0.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pcscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pctsAuxs.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pctsGui.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pctsSvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pctsTray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PC_Antispyware2010.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pdfndr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pdsetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PerAvir.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : periscope.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : persfw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : personalguard (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : personalguard.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : perswf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pf2.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pfwadmin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pgmonitr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pingscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : platin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pop3trap.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : poproxy.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : popscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : portdetective.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : portmonitor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : powerscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ppinupdt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pptbc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ppvstop.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : prizesurfer.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : prmt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : prmvr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : procdump.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : processmonitor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : procexplorerv1.0.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : programauditor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : proport.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : protector.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : protectx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PSANCU.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PSANHost.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PSANToManager.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PsCtrls.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PsImSvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PskSvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : pspf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : PSUNMain.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : purge.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : qconsole.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : qh.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : qserver.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : Quick Heal.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : QuickHealCleaner.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rapapp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rav7.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rav7win.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rav8win32eng.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rb32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rcsync.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : realmon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : reged.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : regedt32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rescue.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rescue32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rrguard.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rscdwld.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rshell.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rtvscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rtvscn95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rulaunch.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rwg (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : rwg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : SafetyKeeper.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : safeweb.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sahagent.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : Save.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : SaveArmor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : SaveDefense.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : SaveKeep.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : savenow.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sbserv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : scam32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : scan32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : scan95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : scanpm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : scrscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : Secure Veteran.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : secureveteran.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : Security Center.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : SecurityFighter.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : securitysoldier.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : serv95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : setloadorder.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : setupvameeval.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : setup_flowprotector_us.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sgssfw32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sh.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : shellspyinstall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : shield.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : shn.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : showbehind.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : signcheck.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smart.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smartprotector.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smrtdefp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sms.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smss32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : snetcfg.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : soap.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sofi.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : SoftSafeness.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sperm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : spf.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sphinx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : spoler.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : spoolcv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : spoolsv32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : spywarexpguard.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : spyxx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : srexe.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : srng.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ss3edit.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ssgrate.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ssg_4104.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : st2.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : start.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : stcloader.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : supftrl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : support.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : supporter5.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : svc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : svchostc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : svchosts.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : svshost.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sweep95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sweepnet.sweepsrv.sys.swnetsup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : symlcsvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : symproxysvc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : symtray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : system.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : system32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : sysupd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tapinstall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : taumon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tbscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tca.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tcm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tds-3.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tds2-98.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tds2-nt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : teekids.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tfak.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tfak5.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tgbob.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : titanin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : titaninxp.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : TPSrv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : trickler.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : trjscan.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : trjsetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : trojantrap3.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : TrustWarrior.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tsadbot.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tsc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tvmd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : tvtmd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : undoboot.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : updat.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : upgrad.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : utpost.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vbcmserv.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vbcons.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vbust.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vbwin9x.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vbwinntw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vcsetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vet32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vet95.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vettray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vfsetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vir-help.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : virusmdpersonalfirewall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : VisthAux.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : VisthLic.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : VisthUpd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vnlan300.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vnpc3000.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vpc32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vpc42.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vpfw30s.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vptray.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vscan40.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vscenu6.02d30.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vsched.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vsecomr.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vshwin32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vsisetup.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vsmain.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vsmon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vsstat.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vswin9xe.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vswinntse.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : vswinperse.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : w32dsm89.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : W3asbas.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : w9x.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : watchdog.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : webdav.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : WebProxy.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : webscanx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : webtrap.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wfindv32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : whoswatchingme.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wimmun32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : win-bugsfix.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : win32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : win32us.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winactive.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winav.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : windll32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : window.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : windows Police Pro.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : windows.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wininetd.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wininitx.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winlogin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winmain.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winppr32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winrecon.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winservn.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winssk32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winstart.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winstart001.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wintsk32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : winupdate.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wkufind.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wnad.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wnt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wradmin.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wrctrl.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wsbgate.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wscfxas.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wscfxav.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wscfxfw.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wsctool.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wupdater.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wupdt.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : wyvernworksfirewall.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : xpdeluxe.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : xpf202en.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : xp_antispyware.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : zapro.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : zapsetup3001.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : zatutor.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : zonalm2601.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : zonealarm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : _avp32.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : _avpcc.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : _avpm.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ~1.exe (svchost.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ~2.exe (svchost.exe) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\Washingt.scr) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\n --> FOUND
[ZeroAccess][FILE] @ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542512K9SA00 +++++
--- User ---
[MBR] e52868cf7622caab71a66cc22ebe8ded
[BSP] 83375b27a0b6cce36851a58109a9db5c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 110242 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 225777510 | Size: 4228 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Flash Disk USB Device +++++
--- User ---
[MBR] 05e5d2d3291328e91643276c3dc9f6b3
[BSP] 30b44fa83a3a25131c00ee7508ea5e9a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 513 | Size: 238 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RKreport2:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: rhan125205 [Admin rights]
Mode: Remove -- Date: 08/08/2012 22:45:13

¤¤¤ Bad processes: 2 ¤¤¤
[ZeroAccess] n -- c:\windows\system32\n -> UNLOADED
[SVCHOST] svchost.exe -- C:\WINDOWS\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 825 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : 271946150 (C:\Documents and Settings\rhan125205\Local Settings\Application Data\sbt.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Inspector (C:\Documents and Settings\rhan125205\Application Data\Protector-xcvg.exe) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : uigcnc (rundll32.exe "C:\DOCUME~1\RHAN12~1\LOCALS~1\Temp\uigcnc.dll",CompileShader) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : sadtxy (rundll32.exe "C:\DOCUME~1\RHAN12~1\LOCALS~1\Temp\sadtxy.dll",CreateFontIndirectA) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : wlwmst (rundll32.exe "C:\WINDOWS\TEMP\wlwmst.dll",MessageBoxChecked) -> DELETED
[SUSP PATH] HKLM\[...]\Run : WMEncSourcePluginWrapper ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\WMEncSourcePluginWrapper\WMEncSourcePluginWrapper.exe" /y) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : upshet (rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\upshet.dll",SteamAPI_UnregisterCallback) -> DELETED
[SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : F4D55F3E000435DB0002FB71D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D55F3E000435DB0002FB71D151FC4E\F4D55F3E000435DB0002FB71D151FC4E.exe) -> DELETED
[SUSP PATH] HKUS\.DEFAULT[...]\RunOnce : pcusxg (C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\pcusxg.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Documents and Settings\rhan125205\Application Data\42DA7\07EA1.exe) -> DELETED
[SUSP PATH] At16.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At15.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At14.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At13.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At12.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At11.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At10.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At1.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At25.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At24.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At23.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At22.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At21.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At20.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At2.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At19.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At18.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At17.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At34.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At33.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At32.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At31.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At30.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At3.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At29.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At28.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At27.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At26.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At43.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At42.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At41.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At40.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At4.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At39.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At38.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At37.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At36.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At35.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At9.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At8.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At7.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At6.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At5.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe -> DELETED
[SUSP PATH] At48.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At47.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At46.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At45.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[SUSP PATH] At44.job @ : C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe_ -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[IFEO] HKLM\[...]\Image File Execution Options : a.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : aAvgApi.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AAWTray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : About.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ackwin32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : Ad-Aware.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : adaware.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : advxdwin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AdwarePrj.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : agent.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : agentsvr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : agentw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : alertsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : alevir.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : alogserv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AlphaAV (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AlphaAV.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AluSchedulerSvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : amon9x.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : anti-trojan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : Anti-Virus Professional.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AntispywarXP2009.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : antivirus.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusPlus (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusPlus.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusPro_2010.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusXP (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AntivirusXP.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : antivirusxppro2009.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AntiVirus_Pro.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ants.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : apimonitor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : aplica32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : apvxdwin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : arr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashAvast.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashBug.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashChest.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashCnsnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashDisp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashLogV.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashMaiSv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashPopWz.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashQuick.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashServ.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashSimp2.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashSimpl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashSkPcc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashSkPck.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashUpd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ashWebSv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : aswChLic.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : aswRegSvr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : aswRunDll.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : aswUpdSv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : atcon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : atguard.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : atro55en.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : atupdater.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : atwatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : au.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : aupdate.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : auto-protect.nav80try.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : autodown.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : autotrace.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : autoupdate.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : av360.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avadmin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avastSvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avastUI.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AVCare.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avcenter.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avciman.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avconfig.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avconsol.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ave32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AVENGINE.EXE (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgcc32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgchk.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgcmgr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgcsrvx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgctrl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgdumpx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgemc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgiproxy.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgnsx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgrsx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgscanx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgserv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgserv9.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgsrmax.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgtray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avguard.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgupd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avgwdsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avkpop.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avkserv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avkservice.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avkwctl9.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avltmain.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avmailc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avmcdlg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avnotify.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avp32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avpcc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avpdos32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avpm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avptc32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avpupd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avsched32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avshadow.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avsynmgr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avupgsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : AVWEBGRD.EXE (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avwin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avwin95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avwinnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avwsc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avwupd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avwupd32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avwupsrv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avxmonitor9x.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avxmonitornt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : avxquar.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : b.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : backweb.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bargains.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bdfvcl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bdfvwiz.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : BDInProcPatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bdmcon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : BDMsnScan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : BDSurvey.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bd_professional.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : beagle.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : belt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bidef.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bidserver.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bipcp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bipcpevalsetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bisp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : blackd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : blackice.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : blink.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : blss.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bootconf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bootwarn.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : borg2.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bpc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : brasil.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : brastk.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : brw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bs120.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bspatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bundle.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : bvt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : c.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cavscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ccapp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ccevtmgr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ccpxysvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ccSvcHst.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cdp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfgwiz.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfiadmin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfiaudit.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfinet.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfinet32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfpconfg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfplogvw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cfpupdat.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : claw95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : claw95cf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : clean.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cleaner.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cleaner3.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cleanIELow.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cleanpc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : click.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cmd32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cmdagent.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cmesys.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cmgrdian.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cmon016.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : connectionmonitor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : control (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cpd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cpf9x206.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cpfnt206.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : crashrep.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : csc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cssconfg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cssupdat.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cssurf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ctrl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cwnb181.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : cwntdwmo.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : d.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : datemanager.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dcomx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : defalert.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : defscangui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : defwatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : deloeminfs.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : deputy.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : divx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dllcache.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dllreg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : doors.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dop.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dpf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dpfsetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dpps2.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : driverctrl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : drwatson.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : drweb32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : drwebupw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dssagent.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dvp95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : dvp95_0.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ecengine.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : efpeadm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : emsw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ent.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : esafe.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : escanhnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : escanv95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : espwatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ethereal.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : etrustcipe.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : evpn.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : exantivirus-cnet.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : exe.avxw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : expert.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : explore.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : f-agnt95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : f-prot.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : f-prot95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : f-stopw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fact.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fameh32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fast.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fch32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fih32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : findviru.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : firewall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fixcfg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fixfp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fnrb32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fp-win.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fp-win_trial.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fprot.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : frmwrk32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : frw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsaa.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsav.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsav32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsav530stbyb.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsav530wtbyb.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsav95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsgk32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsm32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsma32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : fsmb32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : gator.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : gav.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : gbmenu.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : gbn976rl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : gbpoll.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : generics.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : gmt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : guard.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : guarddog.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : guardgui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hacktracersetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hbinst.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hbsrv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : History.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : homeav2010.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hotactio.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hotpatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : htlog.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : htpatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hwpe.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hxdl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : hxiul.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : iamapp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : iamserv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : iamstats.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ibmasn.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ibmavsp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : icload95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : icloadnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : icmon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : icsupp95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : icsuppnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : Identity.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : idle.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : iedll.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : iedriver.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : IEShow.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : iface.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ifw2000.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : inetlnfo.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : infus.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : infwin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : init.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : init32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : install[1].exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : install[2].exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : install[3].exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : install[4].exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : install[5].exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : intdel.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : intren.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : iomon98.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : istsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : jammer.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : jdbgmrg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : jedi.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : JsRcGen.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : kavlite40eng.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : kavpers40eng.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : kavpf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : kazza.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : keenvalue.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : kerio-pf-213-en-win.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : kerio-wrl-421-en-win.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : kerio-wrp-421-en-win.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : killprocesssetup161.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ldnetmon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ldpro.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ldpromenu.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ldscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : licmgr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : lnetinfo.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : loader.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : localnet.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : lockdown.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : lockdown2000.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : lookout.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : lordpe.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : lsetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : luall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : luau.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : lucomserver.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : luinit.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : luspt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : MalwareRemoval.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mapisvc32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcagent.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcmnhdlr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcmscsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcnasvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcproxy.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : McSACore.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcshell.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcshield.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcsysmon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mctool.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcupdate.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcvsrte.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mcvsshld.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : md.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mfin32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mfw2en.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mfweng3.02d30.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mgavrtcl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mgavrte.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mghtml.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mgui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : minilog.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mmod.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : monitor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : moolive.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mostat.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mpfagent.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mpfservice.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : MPFSrv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mpftray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mrflux.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mrt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msa.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msapp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : MSASCui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msbb.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msblast.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mscache.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msccn32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mscman.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msconfig (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msdm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msdos.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msiexec16.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mslaugh.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msmgt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msmsgri32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msseces.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mssmmc32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mssys.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : msvxd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mu0311ad.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : mwatch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : n32scanw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nav.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navap.navapsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navapsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navapw32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navdx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navlu32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navstub.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navw32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : navwnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nc2000.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ncinst4.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ndd32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : neomonitor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : neowatchlog.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : netarmor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : netd32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : netinfo.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : netmon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : netscanpro.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : netspyhunter-1.2.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : netutils.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nisserv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nisum.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nmain.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nod32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : normist.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : norton_internet_secu_3.0_407.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : notstart.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : npf40_tw_98_nt_me_2k.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : npfmessenger.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nprotect.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : npscheck.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : npssvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nsched32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nssys32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nstask32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nsupdate.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ntrtscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ntvdm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ntxconfig.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nupgrade.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nvarch16.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nvc95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nvsvc32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nwinst4.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nwservice.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : nwtool16.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : OAcat.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : OAhlp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : OAReg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : oasrv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : oaui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : oaview.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ODSW.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ollydbg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : onsrvr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : optimize.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ostronet.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : otfix.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : outpost.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : outpostinstall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : outpostproinstall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ozn695m5.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : padmin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : panixk.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : patch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pav.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pavcl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PavFnSvr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pavproxy.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pavprsrv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pavsched.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pavsrv51.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pavw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pccwin98.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pcfwallicon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pcip10117_0.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pcscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pctsAuxs.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pctsGui.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pctsSvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pctsTray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PC_Antispyware2010.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pdfndr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pdsetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PerAvir.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : periscope.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : persfw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : personalguard (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : personalguard.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : perswf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pf2.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pfwadmin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pgmonitr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pingscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : platin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pop3trap.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : poproxy.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : popscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : portdetective.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : portmonitor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : powerscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ppinupdt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pptbc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ppvstop.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : prizesurfer.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : prmt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : prmvr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : procdump.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : processmonitor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : procexplorerv1.0.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : programauditor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : proport.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : protector.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : protectx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PSANCU.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PSANHost.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PSANToManager.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PsCtrls.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PsImSvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PskSvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : pspf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : PSUNMain.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : purge.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : qconsole.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : qh.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : qserver.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : Quick Heal.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : QuickHealCleaner.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rapapp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rav7.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rav7win.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rav8win32eng.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rb32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rcsync.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : realmon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : reged.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : regedt32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rescue.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rescue32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rrguard.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rscdwld.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rshell.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rtvscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rtvscn95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rulaunch.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rwg (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : rwg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : SafetyKeeper.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : safeweb.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sahagent.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : Save.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : SaveArmor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : SaveDefense.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : SaveKeep.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : savenow.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sbserv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : scam32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : scan32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : scan95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : scanpm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : scrscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : Secure Veteran.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : secureveteran.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : Security Center.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : SecurityFighter.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : securitysoldier.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : serv95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : setloadorder.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : setupvameeval.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : setup_flowprotector_us.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sgssfw32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sh.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : shellspyinstall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : shield.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : shn.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : showbehind.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : signcheck.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smart.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smartprotector.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smrtdefp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sms.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smss32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : snetcfg.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : soap.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sofi.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : SoftSafeness.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sperm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : spf.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sphinx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : spoler.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : spoolcv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : spoolsv32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : spywarexpguard.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : spyxx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : srexe.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : srng.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ss3edit.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ssgrate.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ssg_4104.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : st2.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : start.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : stcloader.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : supftrl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : support.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : supporter5.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : svc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : svchostc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : svchosts.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : svshost.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sweep95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sweepnet.sweepsrv.sys.swnetsup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : symlcsvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : symproxysvc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : symtray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : system.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : system32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : sysupd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tapinstall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : taumon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tbscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tca.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tcm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tds-3.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tds2-98.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tds2-nt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : teekids.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tfak.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tfak5.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tgbob.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : titanin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : titaninxp.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : TPSrv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : trickler.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : trjscan.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : trjsetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : trojantrap3.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : TrustWarrior.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tsadbot.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tsc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tvmd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : tvtmd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : undoboot.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : updat.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : upgrad.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : utpost.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vbcmserv.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vbcons.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vbust.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vbwin9x.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vbwinntw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vcsetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vet32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vet95.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vettray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vfsetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vir-help.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : virusmdpersonalfirewall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : VisthAux.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : VisthLic.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : VisthUpd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vnlan300.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vnpc3000.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vpc32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vpc42.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vpfw30s.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vptray.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vscan40.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vscenu6.02d30.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vsched.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vsecomr.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vshwin32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vsisetup.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vsmain.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vsmon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vsstat.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vswin9xe.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vswinntse.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : vswinperse.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : w32dsm89.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : W3asbas.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : w9x.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : watchdog.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : webdav.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : WebProxy.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : webscanx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : webtrap.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wfindv32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : whoswatchingme.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wimmun32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : win-bugsfix.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : win32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : win32us.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winactive.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winav.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : windll32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : window.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : windows Police Pro.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : windows.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wininetd.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wininitx.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winlogin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winmain.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winppr32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winrecon.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winservn.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winssk32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winstart.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winstart001.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wintsk32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : winupdate.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wkufind.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wnad.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wnt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wradmin.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wrctrl.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wsbgate.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wscfxas.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wscfxav.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wscfxfw.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wsctool.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wupdater.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wupdt.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : wyvernworksfirewall.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : xpdeluxe.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : xpf202en.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : xp_antispyware.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : zapro.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : zapsetup3001.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : zatutor.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : zonalm2601.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : zonealarm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : _avp32.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : _avpcc.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : _avpm.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ~1.exe (svchost.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ~2.exe (svchost.exe) -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\Washingt.scr) -> REPLACED (c:\windows\system32\logon.scr)
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U\80000032.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 1afb2d56 : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L\1afb2d56 --> REMOVED
[Del.Parent][FILE] 55490ac4 : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L\55490ac4 --> REMOVED
[Del.Parent][FILE] 80000032.@ : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L\80000032.@ --> REMOVED
[ZeroAccess][FOLDER] L : c:\documents and settings\rhan125205\local settings\application data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> REMOVED AT REBOOT

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542512K9SA00 +++++
--- User ---
[MBR] e52868cf7622caab71a66cc22ebe8ded
[BSP] 83375b27a0b6cce36851a58109a9db5c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 110242 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 225777510 | Size: 4228 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Flash Disk USB Device +++++
--- User ---
[MBR] 05e5d2d3291328e91643276c3dc9f6b3
[BSP] 30b44fa83a3a25131c00ee7508ea5e9a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 513 | Size: 238 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RKreport3:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: rhan125205 [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/08/2012 22:55:57

¤¤¤ Bad processes: 2 ¤¤¤
[ZeroAccess] n -- c:\windows\system32\n -> UNLOADED
[SVCHOST] svchost.exe -- C:\WINDOWS\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 20 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 377 / Fail 0
My documents: Success 627 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1380 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\Harddisk0\DP(1)0x7e00-0x1aea2e4e00+1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk0\DP(2)0x1aea2ecc00-0x10840b600+2 -- 0x3 --> Restored
[F:] \Device\Harddisk1\DP(1)0x40200-0xeebfe00+4 -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


OTL Log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74B92A3B-E4FB-40F4-83E4-1B8D7C9F64B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74B92A3B-E4FB-40F4-83E4-1B8D7C9F64B0}\ deleted successfully.
C:\WINDOWS\system32\fastsrch.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CB6.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uigcnc not found.
C:\Documents and Settings\rhan125205\Local Settings\Temp\uigcnc.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\upshet not found.
C:\Documents and Settings\NetworkService\Application Data\upshet.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wlwmst not found.
C:\WINDOWS\Temp\wlwmst.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\271946150 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DSF-DFS Updates Installation deleted successfully.
C:\Nodesys\MAJ\ExemajLauncher.exe moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xromnop\ deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe\ not found.
Invalid CLSID key: _avp32.exe
C:\WINDOWS\system32\svchost.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe\ not found.
Invalid CLSID key: _avpcc.exe
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe\ not found.
Invalid CLSID key: _avpm.exe
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastUI.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe \ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\ not found.
File C:\WINDOWS\System32\svchost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c86e5f5-51f4-11df-a42f-001f3b435e47}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35b319ad-3bb3-11dd-a193-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35b319ad-3bb3-11dd-a193-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35b319ad-3bb3-11dd-a193-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35b319ad-3bb3-11dd-a193-001f3b435e47}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f06a365-303c-11df-a409-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f06a365-303c-11df-a409-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f06a365-303c-11df-a409-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f06a365-303c-11df-a409-001f3b435e47}\ not found.
File F:\Foresight.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71a8f23b-90f6-11df-a496-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71a8f23b-90f6-11df-a496-001f3b435e47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71a8f23b-90f6-11df-a496-001f3b435e47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71a8f23b-90f6-11df-a496-001f3b435e47}\ not found.
File F:\laucher.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\dianrsm deleted successfully.
C:\WINDOWS\system32\krnlstat.dll moved successfully.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\hwgqca.exe moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\pcusxg.exe moved successfully.
C:\Documents and Settings\rhan125205\Local Settings\Application Data\A101062.cfg moved successfully.
C:\Documents and Settings\rhan125205\Local Settings\Application Data\pndxxi.exe moved successfully.
File C:\WINDOWS\System32\krnlstat.dll not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\mmrdfdqrw.exe moved successfully.
File C:\WINDOWS\System32\fastsrch.dll not found.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\xromnop.dll not found.
C:\Documents and Settings\All Users\Application Data\YJf1hUh3.exe moved successfully.
C:\Documents and Settings\rhan125205\Application Data\Protector-xcvg.exe moved successfully.
C:\Documents and Settings\rhan125205\Local Settings\Application Data\hk4rmndv2048bm77p2u14bmahl7um167t57115w881ij moved successfully.
C:\Documents and Settings\All Users\Application Data\hk4rmndv2048bm77p2u14bmahl7um167t57115w881ij moved successfully.
C:\Documents and Settings\rhan125205\Local Settings\Application Data\qlea.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\fafx.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\vgqk.exe moved successfully.
C:\Documents and Settings\rhan125205\Local Settings\Application Data\uagu.exe moved successfully.
C:\Documents and Settings\rhan125205\Local Settings\Application Data\rjry.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\pdii.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\otwk.exe moved successfully.
C:\Documents and Settings\rhan125205\Local Settings\Application Data\lewg.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\rhan125205\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\rhan125205\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\tasks\At*.job not found.
Folder move failed. C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe} scheduled to be moved on reboot.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: admindra
->Temp folder emptied: 803515 bytes
->Temporary Internet Files folder emptied: 4613861 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Administrator
->Temp folder emptied: 1230888 bytes
->Temporary Internet Files folder emptied: 661696 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: admintechno
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 42025 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10725720 bytes

User: NetworkService
->Temp folder emptied: 606208 bytes
->Temporary Internet Files folder emptied: 202305570 bytes
->Java cache emptied: 712850 bytes
->Flash cache emptied: 52993 bytes

User: rhan125205
->Temp folder emptied: 769362784 bytes
->Temporary Internet Files folder emptied: 15110180 bytes
->Java cache emptied: 164649 bytes
->Flash cache emptied: 283832 bytes

User: SYSTEM

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 23018682 bytes
%systemroot%\System32 .tmp files removed: 49780844 bytes
%systemroot%\System32\dllcache .tmp files removed: 12267256 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 934095027 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2761720 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4292892076 bytes

Total Files Cleaned = 6,029.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.56.0 log created on 08082012_225951

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U not found!
File\Folder C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L not found!
C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe} folder moved successfully.

PendingFileRenameOperations files...
File C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\U not found!
File C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe}\L not found!
File C:\Documents and Settings\rhan125205\Local Settings\Application Data\{c3131f86-0aed-77e5-ce7e-7f7775ca1ffe} not found!

Registry entries deleted on Reboot...

ISSUES REMAINING:

1. Tried to restart in normal mode as to dload ConboFix, however IE will not open? Decided to consult you before proceeding.
2. Also. windows will not display along bottom as to which programs or folders are open. Can that be reset or restored to visibility?
  • 0

#4
CompCav
Posted 09 August 2012 - 07:23 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Go ahead and run combofix from safe mode with networking if the internet works in safe mode.
  • 0

#5
CompCav
Posted 09 August 2012 - 07:40 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Try to reset the task bar with this fixit. Click the Fixit button about one third down the page.
  • 0

#6
Triskelion
Posted 09 August 2012 - 11:32 AM

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts
IE still doesn't open, even in safemode.
I put Combofix on a flash drive then moved it to the infected computer's desktop and am running it now.

Hopefully after Combofix is done I can access the internet and run the fixit you recommended for the task bar.

This isn't looking good. Combofix detected a rootkit infection.
Will let you know what happened when it's finished.

Here is the CF Log...

ComboFix 12-08-09.01 - rhan125205 2012-08-09 11:11:55.1.2 - x86
Running from: F:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Start Menu\Programs\Windows AntiHazard Center.lnk
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\rhan125205\Application Data\PriceGong
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\1.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\a.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\b.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\c.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\d.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\e.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\f.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\g.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\h.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\i.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\J.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\k.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\l.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\m.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\n.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\o.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\p.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\q.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\r.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\s.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\t.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\u.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\v.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\w.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\x.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\y.xml
c:\documents and settings\rhan125205\Application Data\PriceGong\Data\z.xml
c:\documents and settings\rhan125205\Application Data\result.db
c:\documents and settings\rhan125205\Start Menu\Programs\Security Shield.lnk
c:\documents and settings\rhan125205\WINDOWS
c:\documents and settings\TEMP\WINDOWS
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\SET29F.tmp
c:\program files\Internet Explorer\SET2A4.tmp
c:\program files\Internet Explorer\SET357.tmp
c:\windows\$NtUninstallKB40006$\1033282000\@
c:\windows\$NtUninstallKB40006$\1033282000\cfg.ini
c:\windows\$NtUninstallKB40006$\1033282000\Desktop.ini
c:\windows\$NtUninstallKB40006$\1033282000\L\00000004.@
c:\windows\$NtUninstallKB40006$\1033282000\L\201d3dde
c:\windows\$NtUninstallKB40006$\1033282000\L\55490ac4
c:\windows\$NtUninstallKB40006$\1033282000\L\ellhmyaa
c:\windows\$NtUninstallKB40006$\1033282000\oemid
c:\windows\$NtUninstallKB40006$\1033282000\U\00000001.@
c:\windows\$NtUninstallKB40006$\1033282000\U\00000002.@
c:\windows\$NtUninstallKB40006$\1033282000\U\00000004.@
c:\windows\$NtUninstallKB40006$\1033282000\U\80000000.@
c:\windows\$NtUninstallKB40006$\1033282000\U\80000004.@
c:\windows\$NtUninstallKB40006$\1033282000\U\80000032.@
c:\windows\$NtUninstallKB40006$\1033282000\version
c:\windows\$NtUninstallKB40006$\713765866
c:\windows\assembly\GAC\Desktop.ini
c:\windows\dasetup.log
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\hamachi.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\win.ini
F:\AUTORUN.INF
c:\windows\$NtUninstallKB40006$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCDRSRVC
-------\Service_PCDRSRVC
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 04:59 . 2012-08-09 04:59 -------- d-----w- C:\_OTL
2012-08-09 04:42 . 2012-08-09 04:42 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-08-09 04:41 . 2012-08-09 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2012-08-09 04:40 . 2012-08-09 04:40 -------- d-----w- c:\program files\Panda USB Vaccine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 01:57 . 2012-06-15 01:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 01:57 . 2012-03-10 00:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
1999-06-25 17:55 . 2008-09-10 14:46 149504 ----a-w- c:\program files\UNWISE.EXE
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-22 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2010-11-06 . 1B62916D85DFC66158B1FD0CAC16BA05 . 3607040 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mshtml.dll
[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\SoftwareDistribution\Download\e4c2b7cb00daebf4f81844527ed9b20a\SP3QFE\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\SoftwareDistribution\Download\e4c2b7cb00daebf4f81844527ed9b20a\SP3GDR\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\SoftwareDistribution\Download\c0b2667570bfaadca71db300b030c7f4\SP3GDR\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\SoftwareDistribution\Download\c0b2667570bfaadca71db300b030c7f4\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\009eaf510409174fd2f25593db4fddcd\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\009eaf510409174fd2f25593db4fddcd\SP3GDR\mshtml.dll
[-] 2010-06-24 . 0FB7E2774BD643C181D673426AF3F62A . 3603968 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\mshtml.dll
[-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\ie8\mshtml.dll
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2gdr\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2qfe\mshtml.dll
[-] 2007-10-31 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-10-31 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\mshtml.dll
[-] 2007-10-30 . 79314A0A6B0DA78AFE491FF2D8B117BA . 3065856 . . [6.00.2900.3243] . . c:\windows\SoftwareDistribution\Download\fa58243222bcfe35e5467668df396003\sp2qfe\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\ie7\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2010-11-06 . F4310169BC5EE25617301E8E78FE5C84 . 841216 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\wininet.dll
[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\SoftwareDistribution\Download\e4c2b7cb00daebf4f81844527ed9b20a\SP3QFE\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\SoftwareDistribution\Download\e4c2b7cb00daebf4f81844527ed9b20a\SP3GDR\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\SoftwareDistribution\Download\c0b2667570bfaadca71db300b030c7f4\SP3GDR\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\SoftwareDistribution\Download\c0b2667570bfaadca71db300b030c7f4\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\009eaf510409174fd2f25593db4fddcd\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\009eaf510409174fd2f25593db4fddcd\SP3GDR\wininet.dll
[-] 2010-06-24 . 2E5F7848F3FEECC1F3915A64C0AD0FA8 . 841216 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll
[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\ie8\wininet.dll
[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2gdr\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\9489e810bc136788bfeb9b68b0d7dfee\sp2qfe\wininet.dll
[-] 2007-10-11 . 80D660A49E0D118144423099B2A9F5DA . 666112 . . [6.00.2900.3231] . . c:\windows\SoftwareDistribution\Download\fa58243222bcfe35e5467668df396003\sp2qfe\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . B8AF9E80BAB026D5ABD84B14E34EB172 . 2020864 . . [5.1.2600.3654] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 4301C4619526334E13C00210E0CC372B . 2020864 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165_0$\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 243223E3FB74B68DFFBB41989F33DFB3 . 2020864 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486_0$\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 501FDE895F35DF1DAE49FD54BBF9D396 . 2020864 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2009-12-08 . A753994B8DE37FA767149DE6704E4886 . 2142720 . . [5.1.2600.3654] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . C0900759CBDA8FBACC2470EF0E8EB31B . 2142720 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165_0$\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-06 . 19A791C5DFE59AA9BB1461C4957004F6 . 2142720 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486_0$\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 60794EA12961B7341AD54C731B50AE15 . 2142720 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
c:\windows\System32\svchost.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Map GRPS"="net use G: \\A100949\GRPS" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-07-05 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TOSDCR"="TOSDCR.EXE" [2005-12-13 57344]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TFNF5"="TFNF5.exe" [2006-04-10 622592]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-04-10 404248]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-12 16125440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-13 8433664]
"nwiz"="nwiz.exe" [2007-06-13 1626112]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2007-06-13 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"TFncKy"="TFncKy.exe" [BU]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-26 90112]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-29 155648]
"TPSODDCtl"="TPSODDCtl.exe" [2007-02-02 110592]
"TPSMain"="TPSMain.exe" [2006-07-26 315392]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"IFXSPMGT"="c:\windows\system32\IFXSPMGT.exe" [2006-12-12 661024]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"MSCRM"="c:\program files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" [2010-09-19 58216]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-05 124224]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"WMTFormatConversion"="c:\program files\Common Files\WMT\WMTFormatConversion.exe" [2012-05-20 52192]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-01 17:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 22:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Afaria Client Generic Scheduler.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Afaria Client Generic Scheduler.lnk
backup=c:\windows\pss\Afaria Client Generic Scheduler.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-07-21 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 20:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-02-02 19:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-25 19:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 20:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Sony\\Reader\\Data\\bin\\eBook Library.exe"=
"c:\\Program Files\\Microsoft Dynamics CRM\\Client\\res\\web\\bin\\Microsoft.Crm.Application.Hoster.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Desjardins\\Accueil\\accueil.exe"=
"c:\\Desjardins\\RENTE\\MAX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 LMIRescue_77e8d014-e780-4195-af98-cc8585ca6a01;LogMeIn Rescue (77e8d014-e780-4195-af98-cc8585ca6a01);c:\windows\LMIC.tmp\LMI_Rescue_srv.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [x]
S2 CrmSqlStartupSvc;CrmSqlStartupSvc;c:\program files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [x]
S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [x]
S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MSSQL$CRM;SQL Server (CRM);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [x]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [x]
S2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\Tmesrv31.exe [x]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [x]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [x]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
PCDRSRVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 01:57]
.
2012-06-02 c:\windows\Tasks\Afaria.job
- c:\nodesys\MAJ\SFL_ChS_CentresFinanciers.xec [2008-05-30 18:46]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:51]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:51]
.
2011-04-02 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\program files\Infineon\Security Platform Software\SpBackupWz.exe [2006-11-13 05:56]
.
2012-08-06 c:\windows\Tasks\User_Feed_Synchronization-{B04F67C6-07AC-4498-B692-D587CE7560AA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Afaria Client Event Monitor - c:\program files\afaria\Bin\XCMonitor.exe
HKU-Default-Run-DiamondView - c:\program files\Manulife Financial\Diamond View\Diamondview.exe
HKU-Default-Run-DSF-DFS Updates Installation - c:\nodesys\Maj\ExemajLauncher.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Afaria Client File Differencing - c:\program files\afaria\Bin\XCDiffCache.exe
MSConfigStartUp-Afaria Client Generic Scheduler - c:\program files\afaria\Bin\XCGSTask.exe
MSConfigStartUp-Afaria Client Listener - c:\program files\afaria\Bin\XcListener.exe
MSConfigStartUp-DiamondView - c:\program files\Manulife Financial\Diamond View\Diamondview.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,4e,9b,b2,a7,4d,45,4f,89,d6,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,4e,9b,b2,a7,4d,45,4f,89,d6,75,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1452)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll
.
- - - - - - - > 'lsass.exe'(1508)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\program files\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IfxPsdSv.exe
c:\windows\system32\TODDSrv.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\system32\TFNF5.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\TOSHIBA\TME3\TMEEJME.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\TPSMain.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\program files\Real\RealPlayer\RealPlay.exe
.
**************************************************************************
.
Completion time: 2012-08-09 11:51:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 17:51
.
Pre-Run: 8,608,874,496 bytes free
Post-Run: 8,589,279,232 bytes free
.
- - End Of File - - 194ABD82D110D362DFCF92E1626217D8

Edited by Triskelion, 09 August 2012 - 12:11 PM.

  • 0

#7
CompCav
Posted 09 August 2012 - 12:16 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Download a fresh copy of ComboFix
Copy it onto the infected computer and run it again.
  • 0

#8
Triskelion
Posted 09 August 2012 - 03:52 PM

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts
Now I can't move combofix from the flash drive to the desktop.
All I can do is make a shortcut to it.
  • 0

#9
CompCav
Posted 09 August 2012 - 03:59 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Try it in safe mode with networking and if it cannot then do this:

OK lets go in outside of windows. We will need to create a CD and additionally use a USB drive

Please print these instruction out so that you know what you are doing

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
    Posted Image
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#10
Triskelion
Posted 13 August 2012 - 10:26 AM

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts
Am I doing this step on the infected computer or my safe one?
I am assuming the safe one...
  • 0

Advertisements

#11
CompCav
Posted 13 August 2012 - 10:42 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Steps 1 through 4 are on the safe one.

Steps 5 to the end are on the infected computer.
  • 0

#12
Triskelion
Posted 14 August 2012 - 01:07 PM

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts
Here is the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 14-08-2012 15:03:19
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe [258048 2006-07-05] (TOSHIBA Corporation)
HKLM\...\Run: [000StTHK] 000StTHK.exe [x]
HKLM\...\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon [x]
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TOSDCR] TOSDCR.EXE [x]
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [TFNF5] TFNF5.exe [x]
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" [404248 2007-04-10] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8433664 2007-06-13] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect [x]
HKLM\...\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable [49152 2007-06-13] (NVIDIA Corporation)
HKLM\...\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [819200 2007-02-21] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless [970752 2007-02-21] (Intel Corporation)
HKLM\...\Run: [TFncKy] TFncKy.exe [x]
HKLM\...\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service [90112 2006-04-26] (TOSHIBA)
HKLM\...\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon [126976 2005-12-14] (TOSHIBA)
HKLM\...\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe [155648 2005-06-28] (TOSHIBA)
HKLM\...\Run: [TPSODDCtl] TPSODDCtl.exe [x]
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup [30208 2006-05-05] (UPEK Inc.)
HKLM\...\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon [661024 2006-12-12] (Infineon Technologies AG)
HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [136512 2009-09-22] (McAfee, Inc.)
HKLM\...\Run: [Map GRPS] net use G: \\A100949\GRPS /persistent:yes [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [385024 2008-01-10] (Apple Inc.)
HKLM\...\Run: [MSCRM] "c:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /activateaddin [58216 2010-09-19] ()
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [198160 2009-03-25] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124224 2011-02-04] (McAfee, Inc.)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1318816 2011-11-22] (McAfee, Inc.)
HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [419904 2011-04-08] (McAfee, Inc.)
HKLM\...\Run: [WMTFormatConversion] "C:\Program Files\Common Files\WMT\WMTFormatConversion.exe" /u [52192 2012-05-20] (tttt Corporation)
HKU\admindra\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\admindra\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-02] (Google Inc.)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\CurrentVersion\Windows: [Load]
HKU\admintechno\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\CurrentVersion\Windows: [Load]
HKU\LocalService\...\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background [x]
HKU\rhan125205\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-02] (Google Inc.)
HKU\rhan125205\...\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t [435096 2008-11-04] (Microsoft Corporation)
HKU\TEMP\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\TEMP\...\CurrentVersion\Windows: [Load]
Winlogon\Notify\PCANotify: PCANotify.dll (Symantec Corporation)
Winlogon\Notify\psfus: psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Lsa: [Notification Packages] scecli
psqlpwd
Startup: C:\Documents and Settings\rhan125205\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
ShortcutTarget: PandaUSBVaccine.lnk -> C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)

================================ Services (Whitelisted) ==================

2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [183064 2007-04-10] (Intel Corporation)
3 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [106496 2004-11-01] (Symantec Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 IFXSpMgtSrv; C:\WINDOWS\system32\IFXSPMGT.exe [661024 2006-12-12] (Infineon Technologies AG)
2 IFXTCS; C:\WINDOWS\system32\IFXTCS.exe [828960 2006-12-12] (Infineon Technologies AG)
2 McAfeeEngineService; "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe" [22816 2011-02-04] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-09-22] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361976 2011-10-18] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2011-12-06] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2011-02-04] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [160608 2011-12-06] (McAfee, Inc.)
2 mfevtp; "C:\WINDOWS\system32\mfevtps.exe" [150856 2011-12-06] (McAfee, Inc.)
2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
2 PersonalSecureDriveService; C:\WINDOWS\system32\IfxPsdSv.exe [136736 2006-11-13] (Infineon Technologies AG)
2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-02-21] (Intel Corporation )
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2007-10-18] (Sony Corporation)
2 Tmesrv; "C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service [126976 2005-12-14] (TOSHIBA)
2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1489688 2007-04-10] (Intel Corporation)
2 CrmSqlStartupSvc; "c:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 LMIRescue_77e8d014-e780-4195-af98-cc8585ca6a01; "C:\WINDOWS\LMIC.tmp\LMI_Rescue_srv.exe" -service -sid 77e8d014-e780-4195-af98-cc8585ca6a01 [x]
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MSSQL$CRM; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sCRM [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
2 ZuneBusEnum; c:\WINDOWS\system32\ZuneBusEnum.exe [x]
3 ZuneNetworkSvc; "c:\Program Files\Zune\ZuneNss.exe" [x]
3 ZuneWlanCfgSvc; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [x]

========================== Drivers (Whitelisted) =============

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21425 2008-01-24] (Meetinghouse Data Communications)
1 AFD; C:\Windows\System32\drivers\afd.sys [138496 2008-10-16] ()
1 awecho; C:\Windows\System32\drivers\awechomd.sys [8368 2004-03-05] (Symantec Corporation)
1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [11165 2003-11-17] (Symantec Corporation)
1 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [16984 2003-10-23] (Symantec Corporation)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2011-10-15] (McAfee, Inc.)
2 FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-05-05] (UPEK Inc.)
2 FileDisk2; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-05-05] (UPEK Inc.)
0 Gernuwa; C:\Windows\System32\Drivers\Gernuwa.sys [13898 2003-04-21] (Symantec Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [36608 2006-09-19] (Infineon Technologies AG)
0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64048 2011-04-11] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121256 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180816 2011-10-15] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [338176 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464176 2011-10-15] (McAfee, Inc.)
3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [83856 2011-10-15] (McAfee, Inc.)
3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [83856 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2011-10-15] (McAfee, Inc.)
0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [65960 2011-02-04] (McAfee, Inc.)
2 MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.sys [18848 2003-07-23] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2203520 2007-02-24] (Intel Corporation)
3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39080 2006-12-12] (Infineon Technologies AG)
3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation)
2 smihlp; \??\C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-05-05] (UPEK Inc.)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
3 SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [104144 2008-05-30] (Symantec Corporation)
3 TBiosDrv; \??\C:\WINDOWS\system32\Drivers\Tbiosdrv.sys [6528 2002-01-24] ()
2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
1 TMEI3E; C:\Windows\System32\Drivers\TMEI3E.SYS [5888 2004-06-16] (Toshiba Corporation)
2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
3 TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys [14080 2012-08-09] ()
2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [40832 2010-01-07] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
3 Tosrfcom; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: PCDRSRVC -> No Registry Path.

============ One Month Created Files and Folders ==============

2012-08-14 15:02 - 2012-08-14 15:02 - 00000000 ____D C:\FRST
2012-08-09 22:08 - 2012-08-09 22:08 - 00000000 ___AD C:\Documents and Settings\rhan125205\My Documents\docs over2012
2012-08-09 21:32 - 2012-08-09 21:32 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-08-09 21:32 - 2012-08-09 21:32 - 00001409 ____A C:\Windows\QTFont.for
2012-08-09 17:46 - 2012-08-09 17:46 - 00000000 ___SD C:\ComboFix
2012-08-09 13:51 - 2012-08-09 13:51 - 00085020 ____A C:\ComboFix.txt
2012-08-09 13:08 - 2012-08-09 13:39 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-08-09 13:08 - 2008-10-16 10:43 - 00138496 ____A C:\Windows\System32\Drivers\afd.svs
2012-08-09 13:01 - 2012-08-09 17:45 - 00000000 ____D C:\Qoobox
2012-08-09 13:01 - 2012-08-09 13:47 - 00000000 ____D C:\Windows\erdnt
2012-08-09 13:01 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-09 13:01 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-09 13:01 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-09 13:01 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-09 13:01 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-09 13:01 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-08-09 13:01 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-09 13:01 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-09 13:01 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-09 00:59 - 2012-08-09 00:59 - 00000000 ____D C:\_OTL
2012-08-09 00:55 - 2012-08-09 00:55 - 00001397 ____A C:\Documents and Settings\rhan125205\Desktop\RKreport[3].txt
2012-08-09 00:45 - 2012-08-09 00:45 - 00077238 ____A C:\Documents and Settings\rhan125205\Desktop\RKreport[2].txt
2012-08-09 00:43 - 2012-08-09 00:43 - 00074777 ____A C:\Documents and Settings\rhan125205\Desktop\RKreport[1].txt
2012-08-09 00:42 - 2012-08-09 00:44 - 00000000 ____D C:\Documents and Settings\rhan125205\Desktop\RK_Quarantine
2012-08-09 00:42 - 2012-08-09 00:42 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-08-09 00:42 - 2012-08-09 00:30 - 01552896 ____A C:\Documents and Settings\rhan125205\Desktop\RogueKiller.exe
2012-08-09 00:41 - 2012-08-09 00:41 - 00000000 ____D C:\Documents and Settings\rhan125205\Desktop\G2G Tools
2012-08-09 00:41 - 2012-08-09 00:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
2012-08-09 00:40 - 2012-08-09 17:53 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2012-08-09 00:40 - 2012-08-09 00:40 - 00000000 ____D C:\Documents and Settings\rhan125205\Desktop\USBVaccine
2012-08-06 19:28 - 2012-08-06 19:28 - 00065984 ____A C:\Documents and Settings\rhan125205\Desktop\Extras.Txt
2012-08-06 19:27 - 2012-08-06 19:27 - 00240804 ____A C:\Documents and Settings\rhan125205\Desktop\OTL.Txt
2012-08-06 18:57 - 2012-08-06 18:22 - 00596480 ____A (OldTimer Tools) C:\Documents and Settings\rhan125205\Desktop\OTL.exe

============ 3 Months Modified Files ========================

2012-08-14 14:10 - 2007-04-22 16:20 - 00000178 __ASH C:\Documents and Settings\NetworkService\ntuser.ini
2012-08-14 14:10 - 2007-04-22 16:20 - 00000178 __ASH C:\Documents and Settings\LocalService\ntuser.ini
2012-08-14 14:10 - 2007-04-22 16:20 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-08-14 14:10 - 2007-04-22 16:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-08-14 14:10 - 2007-04-22 16:15 - 01836476 ____A C:\Windows\WindowsUpdate.log
2012-08-14 14:10 - 2007-04-22 15:44 - 00001158 ____A C:\Windows\System32\wpa.dbl
2012-08-09 22:12 - 2007-04-23 14:16 - 00065536 ____A C:\Windows\System32\config\ODiag.evt
2012-08-09 22:10 - 2008-11-27 16:15 - 00079872 ____A C:\Documents and Settings\rhan125205\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 21:32 - 2012-08-09 21:32 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-08-09 21:32 - 2012-08-09 21:32 - 00001409 ____A C:\Windows\QTFont.for
2012-08-09 20:47 - 2008-05-30 11:38 - 00000062 __ASH C:\Documents and Settings\rhan125205\Local Settings\desktop.ini
2012-08-09 17:40 - 2008-05-30 11:38 - 00000278 ___SH C:\Documents and Settings\rhan125205\ntuser.ini
2012-08-09 13:51 - 2012-08-09 13:51 - 00085020 ____A C:\ComboFix.txt
2012-08-09 13:43 - 2007-04-22 15:44 - 00000227 ____A C:\Windows\system.ini
2012-08-09 13:40 - 2007-04-22 09:11 - 50622464 ____A C:\Windows\System32\config\software.bak
2012-08-09 13:40 - 2007-04-22 09:11 - 10747904 ____A C:\Windows\System32\config\system.bak
2012-08-09 13:40 - 2007-04-22 09:11 - 02457600 ____A C:\Windows\System32\config\default.bak
2012-08-09 13:40 - 2007-04-22 09:11 - 00069632 ____A C:\Windows\System32\config\SECURITY.bak
2012-08-09 13:40 - 2007-04-22 09:11 - 00036864 ____A C:\Windows\System32\config\SAM.bak
2012-08-09 13:39 - 2012-08-09 13:08 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2012-08-09 13:08 - 2012-08-09 13:08 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-08-09 00:55 - 2012-08-09 00:55 - 00001397 ____A C:\Documents and Settings\rhan125205\Desktop\RKreport[3].txt
2012-08-09 00:45 - 2012-08-09 00:45 - 00077238 ____A C:\Documents and Settings\rhan125205\Desktop\RKreport[2].txt
2012-08-09 00:43 - 2012-08-09 00:43 - 00074777 ____A C:\Documents and Settings\rhan125205\Desktop\RKreport[1].txt
2012-08-09 00:42 - 2012-08-09 00:42 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-08-09 00:30 - 2012-08-09 00:42 - 01552896 ____A C:\Documents and Settings\rhan125205\Desktop\RogueKiller.exe
2012-08-07 12:19 - 2007-04-22 16:20 - 00032636 ____A C:\Windows\SchedLgU.Txt
2012-08-07 12:19 - 2007-04-22 16:20 - 00000006 ____A C:\Windows\Tasks\SA.DAT
2012-08-07 12:19 - 2007-04-22 09:13 - 00000216 ____A C:\Windows\wiadebug.log
2012-08-07 12:19 - 2007-04-22 09:13 - 00000048 ____A C:\Windows\wiaservc.log
2012-08-06 19:28 - 2012-08-06 19:28 - 00065984 ____A C:\Documents and Settings\rhan125205\Desktop\Extras.Txt
2012-08-06 19:27 - 2012-08-06 19:27 - 00240804 ____A C:\Documents and Settings\rhan125205\Desktop\OTL.Txt
2012-08-06 19:12 - 2007-04-22 09:12 - 00703932 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-06 19:03 - 2011-10-14 20:20 - 00000432 ____A C:\Windows\Tasks\User_Feed_Synchronization-{B04F67C6-07AC-4498-B692-D587CE7560AA}.job
2012-08-06 19:00 - 2010-02-05 19:52 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-06 18:40 - 2007-04-22 09:11 - 00233702 ____A C:\Windows\setupact.log
2012-08-06 18:25 - 2010-02-05 19:52 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-06 18:22 - 2012-08-06 18:57 - 00596480 ____A (OldTimer Tools) C:\Documents and Settings\rhan125205\Desktop\OTL.exe
2012-07-07 16:09 - 2012-06-14 21:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-24 14:29 - 2009-05-08 16:57 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-06-14 21:57 - 2012-06-14 21:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-14 21:57 - 2012-03-09 20:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-03 17:53 - 2007-04-22 16:14 - 00113132 ____A C:\Windows\wmsetup.log
2012-06-02 05:00 - 2008-05-30 11:50 - 00000284 ____A C:\Windows\Tasks\Afaria.job
2012-06-01 19:25 - 2012-05-27 22:41 - 00000859 ____A C:\Documents and Settings\rhan125205\Desktop\Uninstall Security Shield.lnk
2012-06-01 19:25 - 2012-05-27 22:41 - 00000843 ____A C:\Documents and Settings\rhan125205\Desktop\Security Shield.lnk
2012-06-01 19:25 - 2012-05-27 22:41 - 00000049 ____A C:\Documents and Settings\rhan125205\Desktop\Security Shield Support.url
2012-05-27 14:52 - 2012-05-27 14:52 - 00014825 ____A C:\Windows\System32\hs_err_pid3284.log
2012-05-24 16:09 - 2012-05-24 16:09 - 00065536 ____A C:\Windows\Minidump\Mini052412-01.dmp
2012-05-24 16:09 - 2008-01-24 16:28 - 273211392 ____A C:\Windows\MEMORY.DMP
2012-05-19 14:48 - 2012-05-19 14:48 - 00065536 ____A C:\Windows\Minidump\Mini051912-01.dmp

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-07-02 18:25 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP999

RP: -> 2012-05-26 15:13 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP998

RP: -> 2012-05-25 15:11 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP997

RP: -> 2012-05-24 14:26 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP996

RP: -> 2012-05-19 15:04 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP995

RP: -> 2012-04-30 19:06 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP994

RP: -> 2012-04-29 13:54 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP993

RP: -> 2012-04-29 13:29 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP992

RP: -> 2012-04-28 18:58 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP991

RP: -> 2012-04-27 17:58 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP990

RP: -> 2012-04-26 16:58 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP989

RP: -> 2012-04-25 15:58 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP988

RP: -> 2012-04-24 14:58 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP987

RP: -> 2012-04-23 13:58 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP986

RP: -> 2012-04-22 13:29 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP985

RP: -> 2012-04-20 23:03 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP984

RP: -> 2012-04-15 16:59 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP983

RP: -> 2012-04-13 22:12 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP982

RP: -> 2012-04-12 20:39 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP981

RP: -> 2012-04-08 17:40 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP980

RP: -> 2012-04-07 16:43 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP979

RP: -> 2012-04-06 15:35 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP978

RP: -> 2012-04-05 04:06 - 036864 _restore{C71AFFA2-F21A-498F-ACF4-982C26B42D5C}\RP977


========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 2014.78 MB
Available physical RAM: 1724.66 MB
Total Pagefile: 1845.68 MB
Available Pagefile: 1773.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (SW3A071607A9GA) (Fixed) (Total:107.66 GB) (Free:8.02 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (USB DISK) (Fixed) (Total:0.23 GB) (Free:0.22 GB) FAT
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 239 MB 257 KB
Disk 1 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 239 MB 257 KB
==================================================================================

Disk: 0
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D USB DISK FAT Partition 239 MB Healthy
==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 108 GB 32 KB
Partition 2 Unknown 4228 MB 108 GB
==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SW3A071607A NTFS Partition 108 GB Healthy
==================================================================================

Disk: 1
Partition 2
Type : 1C
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 HDDRECOVERY FAT32 Partition 4228 MB Healthy
==================================================================================
======================= End Of Log ==========================
  • 0

#13
CompCav
Posted 14 August 2012 - 01:23 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

  • Download a fresh copy of RogueKiller and save it on your USB flash drive alongside FRST.exe.
  • Boot up from the CD again, once it finshes booting run RogueKiller from the USB drive.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your flash drive or on the hard drive.


Step 2.

We need to search for a file while you are still running from the CD:

  • Start FRST and get to this screen:
    Posted Image
  • Type the following into the search box:

svchost.exe

  • Press the Search button.
  • Once it completes, a message will pop up indicating that the search is completed.
  • It will make a log (Search.txt) on the flash drive. Please copy and paste it to your reply.


Step 3.

Please post :

All the RKReport.txt logs from this run
Search.txt
  • 0

#14
Triskelion
Posted 14 August 2012 - 02:56 PM

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts
RKreport1:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 ) 32 bits version
Started in : Normal mode
User: SYSTEM [Admin rights]
Mode: Scan -- Date: 08/14/2012 16:45:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoSMHelp (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 05e5d2d3291328e91643276c3dc9f6b3
[BSP] 30b44fa83a3a25131c00ee7508ea5e9a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 513 | Size: 238 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] e52868cf7622caab71a66cc22ebe8ded
[BSP] 83375b27a0b6cce36851a58109a9db5c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 110242 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 225777510 | Size: 4228 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RKreport2:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 ) 32 bits version
Started in : Normal mode
User: SYSTEM [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/14/2012 17:30:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 57 / Fail 0
Backup: [NOT FOUND]

Drives:
[B:] \Device\RAMDriv -- 0x3 --> Restored
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[X:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Search.txt:

Farbar Recovery Scan Tool Version: 10-08-2012
Ran by SYSTEM at 2012-08-14 17:44:55
Running from D:\

================== Search: "svchost.exe" ===================

C:\_OTL\MovedFiles\08082012_225951\C_WINDOWS\system32\svchost.exe
[2007-04-22 15:44] - [2008-04-13 20:12] - 0014336 ____A (Microsoft Corporation) 27c6d03bcdb8cfeb96b716f3d8be3e18

C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2010-09-28 11:50] - [2008-04-13 20:12] - 0014336 ____N (Microsoft Corporation) 27c6d03bcdb8cfeb96b716f3d8be3e18

C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2010-09-28 11:57] - [2004-08-04 08:00] - 0014336 ____C (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

=== End Of Search ===
  • 0

#15
CompCav
Posted 14 August 2012 - 03:16 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Download the enclosed file.
Attached File  fixlist.txt   463bytes   126 downloads
Save it in the USB drive.

Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt) please post it it your reply.

Attempt to boot in Normal Mode. If successful, run Combofix as follows:

Download and Install Combofix

Download a fresh copy of ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Copy ComboFix.exe to your Desktop from the USB flash drive.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


If you cannot run ComboFix in normal mode boot into Safe mode with networking and run it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP