Smart Internet Protection Virus removal; please help.

View previous topic View next topic Go down

Smart Internet Protection Virus removal; please help.

Post by sanzoneedsahug on Sun 30 Jan 2011, 1:57 pm

I've run anti-spyware and marobytes but still this virus won't leave. Could you please help me? Please and thank you.

OTL logfile created on: 1/29/2011 6:42:36 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 98.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.10 Gb Free Space | 69.97% Space Free | Partition Type: NTFS

Computer Name: SATELLITE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/29 18:41:49 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
PRC - [2011/01/29 01:32:01 | 005,151,232 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\291d76\SI291_302.exe
PRC - [2011/01/13 07:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/02/11 10:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009/11/23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/01/29 18:41:49 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/04/02 15:51:31 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/04/02 14:00:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/07/24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 10:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 10:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 10:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 10:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 10:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 10:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/20 10:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/04/11 10:23:32 | 000,035,328 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/09/14 21:16:16 | 000,324,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003/04/23 10:10:12 | 000,033,335 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2002/12/20 13:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25380


[2010/08/04 22:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/08/04 22:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/01/29 18:33:40 | 000,001,777 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.com
O1 - Hosts: 69.10.57.34 google.com.au
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.dk
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.fr
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.ie
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.it
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.co.jp
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.nl
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.no
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.co.nz
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.pl
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 69.10.57.34 google.se
O1 - Hosts: 69.10.57.34 [You must be registered and logged in to see this link.]
O1 - Hosts: 13 more lines...
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKCU..\Run: [Smart Internet Protection 2011] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\_avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~1.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\a.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aAvgApi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AAWTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\About.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ackwin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\adaware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\advxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AdwarePrj.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentsvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alertsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alevir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alogserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\amon9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\anti-trojan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ants.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apimonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aplica32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apvxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\arr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Arrakis3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashAvast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashBug.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashChest.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashCnsnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashLogV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashMaiSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashPopWz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashQuick.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimp2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimpl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashWebSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswChLic.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRegSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRunDll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atro55en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atupdater.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\au.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autodown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autotrace.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autoupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\av360.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVCare.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avciman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ave32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVENGINE.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgchk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgdumpx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgemc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgiproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgrsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgscanx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgsrmax.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgtray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkpop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkwctl9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avltmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmailc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmcdlg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpdos32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avptc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsynmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avupgsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwinnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwsc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitornt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxquar.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\b.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\backweb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bargains.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bd_professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdmcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDMsnScan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdreinit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdsubwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDSurvey.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdtkexec.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdwizreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\beagle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\belt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidef.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blink.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blss.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootconf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootwarn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\borg2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brasil.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bs120.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bspatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bvt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\c.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cavscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccevtmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccpxysvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cdp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfgwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiaudit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfplogvw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Cl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95cf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\clean.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanIELow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\click.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmesys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmgrdian.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmon016.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\connectionmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\control: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpf9x206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpfnt206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\crashrep.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\csc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssurf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwnb181.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwntdwmo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\d.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\datemanager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dcomx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defalert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defscangui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deloeminfs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deputy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\divx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllcache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\doors.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpfsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpps2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\driverctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwatson.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drweb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dssagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ecengine.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\efpeadm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\emsw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\esafe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanhnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanv95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\espwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ethereal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\etrustcipe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\evpn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exe.avxw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\expert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\explore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fact.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-agnt95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fameh32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fch32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fih32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\findviru.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\firewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixcfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fnrb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fprot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win_trial.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frmwrk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsaa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsm32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsma32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsmb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-stopw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gator.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbmenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbn976rl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbpoll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\generics.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guarddog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hacktracersetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbinst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\History.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\homeav2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotactio.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hwpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxdl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxiul.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamstats.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmasn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmavsp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icload95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icloadnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsupp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsuppnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Identity.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\idle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedriver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\IEShow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iface.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ifw2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\inetlnfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[1].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[2].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[3].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[4].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[5].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intdel.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intren.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iomon98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\istsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jammer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jdbgmrg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jedi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\JsRcGen.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavlite40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpers40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kazza.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\keenvalue.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldnetmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpromenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\licmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\livesrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lnetinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\loader.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\localnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lookout.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lordpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luau.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lucomserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luinit.exe: Debugger - svchost.exe (Microsoft Corporation)

sanzoneedsahug

Rookie Surfer
Rookie Surfer

Posts : 96
Joined : 2009-08-10
Operating System : XP

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by sanzoneedsahug on Sun 30 Jan 2011, 1:58 pm

O27 - HKLM IFEO\luspt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mapisvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcnasvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshell.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshield.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcsysmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mctool.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsshld.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\md.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfw2en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mghtml.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\minilog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mmod.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\monitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\moolive.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mostat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MPFSrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpftray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrflux.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msbb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msblast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msccn32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdos.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msfwsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msiexec16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mslaugh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmgt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MsMpEng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmsgri32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssmmc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msvxd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mu0311ad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\n32scanw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navdx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navlu32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navstub.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navwnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nc2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ncinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ndd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neomonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neowatchlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netarmor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netscanpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netutils.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisum.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\normist.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\notstart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfmessenger.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprotect.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npscheck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npssvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nssys32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nstask32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntrtscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntvdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntxconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nupgrade.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvarch16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvc95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvsvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwtool16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAcat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAhlp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAReg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oasrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaview.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OcHealthMon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ODSW.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ollydbg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\onsrvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\optimize.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ostronet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\otfix.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostproinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ozn695m5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\padmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\panixk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\patch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PavFnSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavprsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsched.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsrv51.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pccwin98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcfwallicon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcip10117_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsAuxs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsGui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdfndr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PerAvir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\periscope.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\persfw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\perswf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pf2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pfwadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pgmonitr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pingscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\platin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pop3trap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\poproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\popscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portdetective.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\powerscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppinupdt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pptbc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppvstop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prizesurfer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procdump.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\processmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\programauditor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\proport.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protector.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANCU.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANHost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANToManager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsCtrls.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsImSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PskSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pspf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSUNMain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\purge.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qconsole.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Quick Heal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rapapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav8win32eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rcsync.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\realmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\reged.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedt32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rescue32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rrguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rscdwld.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rshell.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtvscn95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rulaunch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rwg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\safeweb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sahagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Save.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveArmor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveDefense.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SaveKeep.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\savenow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sbserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scam32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scanpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\scrscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\seccenter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Secure Veteran.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\secureveteran.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Security Center.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SecurityFighter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\securitysoldier.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\serv95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setloadorder.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setup_flowprotector_us.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\setupvameeval.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sgssfw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shellspyinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shield.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\shn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\showbehind.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\signcheck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smartprotector.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smrtdefp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sms.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\smss32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\snetcfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\soap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sofi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\SoftSafeness.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sperm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sphinx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoler.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolcv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spoolsv32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spywarexpguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\spyxx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srexe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\srng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ss3edit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssg_4104.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ssgrate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\st2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\start.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\stcloader.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supftrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\support.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\supporter5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchostc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svchosts.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\svshost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweep95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symlcsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symproxysvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\symtray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\system32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\sysupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tapinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\taumon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tca.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tcm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds2-nt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tds-3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\teekids.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tfak5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tgbob.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titanin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\titaninxp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TPSrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trickler.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trjsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\trojantrap3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\TrustWarrior.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsadbot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tsc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvmd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\tvtmd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\uiscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\undoboot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\updat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\upgrad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\upgrepl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\utpost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcmserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbcons.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbust.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwin9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vbwinntw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vcsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vet95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vettray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vfsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vir-help.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\virusmdpersonalfirewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthAux.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthLic.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\VisthUpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnlan300.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vnpc3000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpc42.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vpfw30s.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vptray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscan40.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vscenu6.02d30.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsched.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsecomr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vshwin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsisetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsstat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswin9xe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinntse.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\vswinperse.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w32dsm89.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\W3asbas.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\w9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\watchdog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webdav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\WebProxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webscanx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\webtrap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wfindv32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\whoswatchingme.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wimmun32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win32us.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winactive.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\win-bugsfix.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windll32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\window.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows Police Pro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\windows.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininetd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wininitx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winlogin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winppr32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winrecon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winservn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winss.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winssk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winssnotify.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\WinSSUI.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart001.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wintsk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wkufind.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wradmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wrctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsbgate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxas.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscfxfw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsctool.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdater.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xp_antispyware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpdeluxe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpf202en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapsetup3001.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zatutor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonalm2601.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/01/29 01:59:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2225e964-6ae1-11df-8dd9-00080df91ef4}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O33 - MountPoints2\{dcf84c59-d633-11d3-8da5-ab402bec0786}\Shell\AutoRun\command - "" = E:\tgt.exe
O33 - MountPoints2\{dcf84c59-d633-11d3-8da5-ab402bec0786}\Shell\open\Command - "" = E:\tgt.exe
O33 - MountPoints2\{dcf84c5a-d633-11d3-8da5-ab402bec0786}\Shell - "" = AutoRun
O33 - MountPoints2\{dcf84c5a-d633-11d3-8da5-ab402bec0786}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcf84c5a-d633-11d3-8da5-ab402bec0786}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: ares - hkey= - key= - C:\Program Files\Ares\Ares.exe (Ares Development Group)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DATAMNGR - hkey= - key= - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: LtMoh - hkey= - key= - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: PMBVolumeWatcher - hkey= - key= - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (75167429533106176)

sanzoneedsahug

Rookie Surfer
Rookie Surfer

Posts : 96
Joined : 2009-08-10
Operating System : XP

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by sanzoneedsahug on Sun 30 Jan 2011, 1:58 pm

========== Files/Folders - Created Within 30 Days ==========

[2011/01/29 18:41:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2011/01/29 18:30:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/01/29 18:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/29 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/29 18:24:54 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner\My Documents\ccsetup303.exe
[2011/01/29 17:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/01/29 17:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/29 17:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\SUPERAntiSpyware
[2011/01/29 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/29 17:22:37 | 010,325,408 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\SUPERAntiSpyware.exe
[2011/01/29 02:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2011/01/29 02:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/01/29 02:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/29 02:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/29 01:32:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Application Data\Smart Internet Protection 2011
[2011/01/29 01:29:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SIGOIHMP
[2011/01/29 01:28:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\291d76
[2011/01/20 23:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/01/20 23:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/01/20 23:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/29 18:41:49 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2011/01/29 18:33:52 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Internet Protection 2011.lnk
[2011/01/29 18:33:51 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Smart Internet Protection 2011.lnk
[2011/01/29 18:33:40 | 000,001,777 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/29 18:33:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/29 18:33:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/29 18:27:07 | 000,064,834 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110129_182702.reg
[2011/01/29 18:25:33 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/29 18:25:00 | 003,006,368 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\My Documents\ccsetup303.exe
[2011/01/29 18:08:35 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/29 17:23:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/29 17:22:41 | 010,325,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\SUPERAntiSpyware.exe
[2011/01/29 17:20:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93310872-A2E0-4B31-BDAC-E84A12266250}.job
[2011/01/29 03:42:01 | 000,636,674 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/29 03:34:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/29 02:18:49 | 000,002,150 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/29 18:27:04 | 000,064,834 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110129_182702.reg
[2011/01/29 18:25:33 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/29 18:18:21 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Smart Internet Protection 2011.lnk
[2011/01/29 17:23:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/29 03:41:58 | 000,636,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/29 03:35:21 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Internet Protection 2011.lnk
[2011/01/29 03:04:54 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Smart Internet Protection 2011.lnk
[2011/01/29 02:05:19 | 000,002,150 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2010/08/10 21:02:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010/06/28 21:51:45 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 04:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 04:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 04:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 04:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 04:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2000/01/29 02:28:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2000/01/29 02:26:13 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2000/01/29 02:26:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2000/01/29 02:26:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2000/01/29 02:26:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2000/01/28 17:44:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2000/01/29 01:58:33 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/03/05 13:09:20 | 000,001,546 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/05/03 23:06:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2000/01/29 02:07:32 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2000/01/29 02:07:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/01/29 18:25:00 | 003,006,368 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\My Documents\ccsetup303.exe
[2010/03/03 15:04:41 | 156,607,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe
[2011/01/29 17:22:41 | 010,325,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\SUPERAntiSpyware.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2003/09/14 21:16:16 | 000,324,608 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\Driver Cache\ar5211.sys
[2003/09/14 21:16:56 | 000,324,576 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\Driver Cache\ar52119x.sys
[2002/10/31 12:10:40 | 000,034,440 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.cat
[2002/06/13 11:32:00 | 000,005,110 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.din
[2002/10/23 14:02:24 | 000,624,868 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.inf
[2002/09/25 06:09:12 | 000,140,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100b325.sys
[2002/10/07 18:15:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100bmsg.dll
[2000/01/29 02:22:10 | 000,004,600 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1
[2001/07/20 06:40:28 | 000,023,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\intelnic.dll
[2002/12/03 16:30:08 | 000,378,543 | ---- | M] () -- C:\WINDOWS\Driver Cache\lan.exe
[2003/09/25 16:45:02 | 000,007,894 | ---- | M] () -- C:\WINDOWS\Driver Cache\net5211.cat
[2003/09/17 16:32:48 | 000,017,191 | ---- | M] () -- C:\WINDOWS\Driver Cache\net5211.inf
[2000/01/29 02:22:10 | 000,016,860 | ---- | M] () -- C:\WINDOWS\Driver Cache\net5211.PNF
[2002/10/02 12:49:00 | 000,053,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\PROUnstl.exe
[2002/11/15 19:27:44 | 000,000,017 | ---- | M] () -- C:\WINDOWS\Driver Cache\version.txt
[2000/05/03 12:17:52 | 000,272,491 | ---- | M] (Wilson WindowWare, Inc.) -- C:\WINDOWS\Driver Cache\WBDBV32I.DLL

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2000/01/29 02:07:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/11/05 16:26:57 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2000/01/28 17:39:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2000/01/28 17:39:45 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2000/01/28 17:39:45 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 04:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 04:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 04:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 10:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/10/26 05:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 16:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 16:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 16:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 16:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 16:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 16:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 16:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 16:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 16:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 16:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 16:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 16:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 16:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 16:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 16:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2010/04/02 14:21:16 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2000/01/29 01:59:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/02 16:06:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2000/01/29 01:59:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2000/01/29 01:59:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/10 02:20:42 | 000,000,844 | -H-- | M] () -- C:\IPH.PH
[2011/01/29 17:49:39 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2000/01/29 01:59:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/03 22:53:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/29 18:33:20 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/04/02 13:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/04/10 02:20:23 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2010/03/03 23:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Search
[2010/03/03 23:36:50 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2010/03/03 09:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/01/29 03:22:28 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2000/01/29 02:23:32 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/12/02 11:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Ares
[2011/01/29 18:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2011/01/29 03:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2011/01/29 18:25:34 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/01/29 18:33:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2000/01/29 01:55:47 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/04/02 17:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2010/03/14 20:40:56 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/03 19:38:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2000/01/29 02:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/12/15 13:20:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/05 07:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\iWin
[2010/03/03 15:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/03 15:12:29 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2011/01/29 18:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2000/01/29 02:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2011/01/29 17:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/03 23:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/04/09 00:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2000/01/29 01:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/18 22:24:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/02 16:24:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/05 16:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2000/01/29 01:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/04/04 02:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/04/02 16:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/04/02 14:21:03 | 000,000,000 | ---D | M] -- C:\Program Files\MyDSC2
[2010/05/03 22:58:20 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/04/02 15:51:32 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2000/01/29 01:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/03/03 15:12:27 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/15 08:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/04/02 16:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/05/28 21:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/01/29 18:33:20 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2011/01/29 17:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/04/02 15:18:16 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2010/04/02 12:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\TabletPlugins
[2000/01/29 02:07:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/09 00:16:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/04/09 00:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/10/30 19:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/11/27 17:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/05/03 22:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2000/01/29 01:57:29 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/04/02 15:18:45 | 000,000,000 | ---D | M] -- C:\Program Files\WTouch
[2000/01/29 01:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/12/02 14:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\Zune

< %appdata%\*.* >
[2000/01/28 17:41:36 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2010/05/03 22:41:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-19 07:00:28

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

sanzoneedsahug

Rookie Surfer
Rookie Surfer

Posts : 96
Joined : 2009-08-10
Operating System : XP

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by Belahzur on Mon 31 Jan 2011, 11:39 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by sanzoneedsahug on Sat 12 Feb 2011, 4:29 pm

Thank you for the promt reply.

I'm sorry this is so late, I managed to catch a cold on the down time. Anyways, here is the log.

ComboFix 11-02-11.01 - Owner 02/11/2011 21:12:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.239 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Smart Internet Protection 2011 *Enabled/Updated* {DE317748-52B2-4BB1-B4D1-B48E74E0996E}
FW: Smart Internet Protection 2011 *Enabled* {E1E856FE-889E-45D5-8454-8E9F86082803}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Internet Protection 2011.lnk
c:\documents and settings\Owner\Application Data\Smart Internet Protection 2011
c:\documents and settings\Owner\Application Data\Smart Internet Protection 2011\Instructions.ini
c:\documents and settings\Owner\Desktop\Smart Internet Protection 2011.lnk
c:\documents and settings\Owner\Recent\ANTIGEN.dll
c:\documents and settings\Owner\Recent\ANTIGEN.drv
c:\documents and settings\Owner\Recent\ANTIGEN.exe
c:\documents and settings\Owner\Recent\ANTIGEN.sys
c:\documents and settings\Owner\Recent\ANTIGEN.tmp
c:\documents and settings\Owner\Recent\cb.dll
c:\documents and settings\Owner\Recent\cb.drv
c:\documents and settings\Owner\Recent\cb.sys
c:\documents and settings\Owner\Recent\cb.tmp
c:\documents and settings\Owner\Recent\cid.dll
c:\documents and settings\Owner\Recent\cid.exe
c:\documents and settings\Owner\Recent\cid.sys
c:\documents and settings\Owner\Recent\cid.tmp
c:\documents and settings\Owner\Recent\CLSV.dll
c:\documents and settings\Owner\Recent\CLSV.drv
c:\documents and settings\Owner\Recent\CLSV.exe
c:\documents and settings\Owner\Recent\CLSV.sys
c:\documents and settings\Owner\Recent\CLSV.tmp
c:\documents and settings\Owner\Recent\DBOLE.dll
c:\documents and settings\Owner\Recent\DBOLE.drv
c:\documents and settings\Owner\Recent\DBOLE.sys
c:\documents and settings\Owner\Recent\DBOLE.tmp
c:\documents and settings\Owner\Recent\ddv.dll
c:\documents and settings\Owner\Recent\ddv.drv
c:\documents and settings\Owner\Recent\ddv.exe
c:\documents and settings\Owner\Recent\ddv.sys
c:\documents and settings\Owner\Recent\ddv.tmp
c:\documents and settings\Owner\Recent\delfile.drv
c:\documents and settings\Owner\Recent\delfile.sys
c:\documents and settings\Owner\Recent\dudl.dll
c:\documents and settings\Owner\Recent\dudl.tmp
c:\documents and settings\Owner\Recent\eb.dll
c:\documents and settings\Owner\Recent\eb.drv
c:\documents and settings\Owner\Recent\eb.exe
c:\documents and settings\Owner\Recent\eb.sys
c:\documents and settings\Owner\Recent\eb.tmp
c:\documents and settings\Owner\Recent\energy.dll
c:\documents and settings\Owner\Recent\energy.drv
c:\documents and settings\Owner\Recent\energy.exe
c:\documents and settings\Owner\Recent\energy.sys
c:\documents and settings\Owner\Recent\energy.tmp
c:\documents and settings\Owner\Recent\exec.dll
c:\documents and settings\Owner\Recent\exec.drv
c:\documents and settings\Owner\Recent\exec.exe
c:\documents and settings\Owner\Recent\exec.sys
c:\documents and settings\Owner\Recent\exec.tmp
c:\documents and settings\Owner\Recent\fan.dll
c:\documents and settings\Owner\Recent\fan.drv
c:\documents and settings\Owner\Recent\fan.tmp
c:\documents and settings\Owner\Recent\fix.dll
c:\documents and settings\Owner\Recent\fix.drv
c:\documents and settings\Owner\Recent\fix.sys
c:\documents and settings\Owner\Recent\FS.dll
c:\documents and settings\Owner\Recent\FS.drv
c:\documents and settings\Owner\Recent\FS.exe
c:\documents and settings\Owner\Recent\FS.tmp
c:\documents and settings\Owner\Recent\FW.drv
c:\documents and settings\Owner\Recent\FW.exe
c:\documents and settings\Owner\Recent\FW.sys
c:\documents and settings\Owner\Recent\FW.tmp
c:\documents and settings\Owner\Recent\gid.dll
c:\documents and settings\Owner\Recent\gid.drv
c:\documents and settings\Owner\Recent\gid.tmp
c:\documents and settings\Owner\Recent\grid.dll
c:\documents and settings\Owner\Recent\grid.drv
c:\documents and settings\Owner\Recent\grid.tmp
c:\documents and settings\Owner\Recent\hymt.exe
c:\documents and settings\Owner\Recent\hymt.sys
c:\documents and settings\Owner\Recent\hymt.tmp
c:\documents and settings\Owner\Recent\kernel32.dll
c:\documents and settings\Owner\Recent\kernel32.drv
c:\documents and settings\Owner\Recent\kernel32.exe
c:\documents and settings\Owner\Recent\kernel32.sys
c:\documents and settings\Owner\Recent\kernel32.tmp
c:\documents and settings\Owner\Recent\pal.exe
c:\documents and settings\Owner\Recent\pal.sys
c:\documents and settings\Owner\Recent\pal.tmp
c:\documents and settings\Owner\Recent\PE.dll
c:\documents and settings\Owner\Recent\PE.drv
c:\documents and settings\Owner\Recent\PE.exe
c:\documents and settings\Owner\Recent\PE.sys
c:\documents and settings\Owner\Recent\PE.tmp
c:\documents and settings\Owner\Recent\ppal.dll
c:\documents and settings\Owner\Recent\ppal.drv
c:\documents and settings\Owner\Recent\ppal.exe
c:\documents and settings\Owner\Recent\ppal.sys
c:\documents and settings\Owner\Recent\ppal.tmp
c:\documents and settings\Owner\Recent\runddl.dll
c:\documents and settings\Owner\Recent\runddl.drv
c:\documents and settings\Owner\Recent\runddl.tmp
c:\documents and settings\Owner\Recent\runddlkey.exe
c:\documents and settings\Owner\Recent\runddlkey.sys
c:\documents and settings\Owner\Recent\runddlkey.tmp
c:\documents and settings\Owner\Recent\SICKBOY.exe
c:\documents and settings\Owner\Recent\SICKBOY.sys
c:\documents and settings\Owner\Recent\SICKBOY.tmp
c:\documents and settings\Owner\Recent\sld.drv
c:\documents and settings\Owner\Recent\sld.exe
c:\documents and settings\Owner\Recent\sld.sys
c:\documents and settings\Owner\Recent\sld.tmp
c:\documents and settings\Owner\Recent\SM.drv
c:\documents and settings\Owner\Recent\SM.exe
c:\documents and settings\Owner\Recent\SM.sys
c:\documents and settings\Owner\Recent\SM.tmp
c:\documents and settings\Owner\Recent\snl2w.drv
c:\documents and settings\Owner\Recent\snl2w.exe
c:\documents and settings\Owner\Recent\snl2w.sys
c:\documents and settings\Owner\Recent\snl2w.tmp
c:\documents and settings\Owner\Recent\std.dll
c:\documents and settings\Owner\Recent\std.drv
c:\documents and settings\Owner\Recent\std.sys
c:\documents and settings\Owner\Recent\tempdoc.drv
c:\documents and settings\Owner\Recent\tempdoc.exe
c:\documents and settings\Owner\Recent\tempdoc.sys
c:\documents and settings\Owner\Recent\tempdoc.tmp
c:\documents and settings\Owner\Recent\tjd.dll
c:\documents and settings\Owner\Recent\tjd.drv
c:\documents and settings\Owner\Recent\tjd.exe
c:\documents and settings\Owner\Recent\tjd.sys
c:\documents and settings\Owner\Recent\tjd.tmp
c:\documents and settings\Owner\Start Menu\Programs\Smart Internet Protection 2011.lnk
c:\documents and settings\Owner\Start Menu\Smart Internet Protection 2011.lnk

.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-01-30 03:06 . 2011-01-30 03:06 -------- d-----w- c:\program files\ESET
2011-01-30 02:25 . 2011-01-30 02:25 -------- d-----w- c:\program files\CCleaner
2011-01-30 01:23 . 2011-01-30 01:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-01-30 01:23 . 2011-01-30 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-30 01:22 . 2011-01-30 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-29 10:44 . 2011-01-29 10:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2011-01-29 10:31 . 2011-01-30 02:33 -------- d-----w- c:\program files\Spyware Doctor
2011-01-29 10:31 . 2011-01-30 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-29 10:31 . 2011-01-30 02:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-29 09:29 . 2011-01-29 09:29 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SIGOIHMP
2011-01-29 09:28 . 2011-01-29 09:32 -------- d-sh--w- c:\documents and settings\All Users\Application Data\291d76
2011-01-21 07:16 . 2011-01-21 07:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-21 07:16 . 2011-01-29 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2000-01-29 09:56 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-14 39408]
"Smart Internet Protection 2011"="c:\documents and settings\All Users\Application Data\291d76\SI291_302.exe" [2011-01-29 5151232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"0"= msseces.exe
"1"= MSASCui.exe
"2"= ekrn.exe
"3"= egui.exe
"4"= avgnt.exe
"5"= avcenter.exe
"6"= avscan.exe
"7"= avgfrw.exe
"8"= avgui.exe
"9"= avgtray.exe
"10"= avgscanx.exe
"11"= avgcfgex.exe
"12"= avgemc.exe
"13"= avgchsvx.exe
"14"= avgcmgr.exe
"15"= avgwdsvc.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aAvgApi.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AAWTray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\About.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ackwin32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ad-Aware.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adaware.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\advxdwin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AdwarePrj.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentsvr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alevir.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alogserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AlphaAV]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AlphaAV.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AluSchedulerSvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon9x.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti-trojan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Anti-Virus Professional.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntispywarXP2009.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirus.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPlus]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPlus.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusPro_2010.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirusxppro2009.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiVirus_Pro.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ants.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apimonitor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aplica32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apvxdwin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Arrakis3.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashAvast.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashBug.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashChest.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashCnsnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSimp2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSimpl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPck.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswChLic.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRunDll.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atcon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atguard.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atro55en.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atupdater.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atwatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\au.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aupdate.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto-protect.nav80try.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autodown.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autotrace.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoupdate.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\av360.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avadmin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVCare.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcenter.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avciman.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconfig.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconsol.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ave32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.EXE]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgchk.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcmgr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcsrvx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgctrl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgdumpx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgiproxy.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnsx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscanx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv9.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgsrmax.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgtray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgwdsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltmain.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmcdlg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avnotify.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpcc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpdos32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avptc32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpupd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsched32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avupgsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWEBGRD.EXE]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwin95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwinnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwsc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupd32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupsrv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitor9x.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitornt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxquar.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\b.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\backweb.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bargains.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdagent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdfvcl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdfvwiz.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDInProcPatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDMsnScan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdreinit.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]
"Debugger"=svchost.exe


sanzoneedsahug

Rookie Surfer
Rookie Surfer

Posts : 96
Joined : 2009-08-10
Operating System : XP

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by sanzoneedsahug on Sat 12 Feb 2011, 4:30 pm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdtkexec.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdwizreg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bd_professional.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\beagle.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\belt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidef.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidserver.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcpevalsetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bisp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blackd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blackice.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blink.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blss.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootconf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootwarn.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\borg2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bpc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brasil.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brastk.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bs120.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bspatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bundle.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bvt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\c.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccapp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccevtmgr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccpxysvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cdp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgwiz.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfiadmin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfiaudit.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfinet.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfinet32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpconfg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfplogvw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95cf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clean.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleaner.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleaner3.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleanIELow.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleanpc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\click.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmd32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmesys.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmgrdian.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmon016.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\connectionmonitor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\control]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpf9x206.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpfnt206.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\crashrep.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\csc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cssconfg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cssupdat.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cssurf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctrl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwnb181.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwntdwmo.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\d.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\datemanager.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dcomx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defwatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\deloeminfs.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\deputy.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllcache.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllreg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\doors.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dop.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpfsetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpps2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\driverctrl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwatson.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebupw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dssagent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dvp95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dvp95_0.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ecengine.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\efpeadm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ekrn.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\emsw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\esafe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanhnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanv95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ethereal.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\etrustcipe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\evpn.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exantivirus-cnet.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exe.avxw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\expert.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explore.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-agnt95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-prot.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-prot95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f-stopw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fact.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fast.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findviru.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firewall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fixcfg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fixfp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp-win.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp-win_trial.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fprot.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frmwrk32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530stbyb.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530wtbyb.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gator.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbn976rl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbpoll.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\generics.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gmt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guard.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guarddog.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardgui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hacktracersetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbinst.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbsrv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\History.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\homeav2010.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotactio.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotpatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htlog.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htpatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hwpe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxdl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxiul.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamapp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamstats.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ibmasn.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ibmavsp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icload95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icloadnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icsupp95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icsuppnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idle.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedll.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedriver.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iface.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ifw2000.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\inetlnfo.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infus.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infwin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\init.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\init32.exe ]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[1].exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[2].exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[3].exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[4].exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install[5].exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intdel.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intren.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iomon98.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\istsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jammer.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jdbgmrg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jedi.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\JsRcGen.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavlite40eng.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpers40eng.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kazza.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\keenvalue.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-pf-213-en-win.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrl-421-en-win.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrp-421-en-win.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killprocesssetup161.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldnetmon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpro.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpromenu.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\livesrv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lnetinfo.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loader.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\localnet.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown2000.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lookout.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lordpe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luau.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luinit.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luspt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MalwareRemoval.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mapisvc32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcagent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmscsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcnasvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcproxy.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\McSACore.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcshell.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcshield.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcsysmon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mctool.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdate.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsrte.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsshld.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\md.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfin32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfw2en.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfweng3.02d30.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrtcl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrte.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mghtml.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\minilog.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmod.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\monitor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\moolive.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mostat.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfagent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfservice.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSrv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpftray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mrflux.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mrt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msa.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msapp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSASCui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msbb.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msblast.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscache.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msccn32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscman.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfwsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msiexec16.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mslaugh.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmgt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MsMpEng.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgri32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msseces.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssmmc32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssys.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvxd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mu0311ad.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mwatch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scanw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navap.navapsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapw32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navdx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navlu32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navstub.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navwnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nc2000.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ncinst4.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neomonitor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neowatchlog.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netarmor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netd32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netinfo.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netmon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netscanpro.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netspyhunter-1.2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisum.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nmain.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\normist.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\norton_internet_secu_3.0_407.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npf40_tw_98_nt_me_2k.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfmessenger.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nprotect.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nssys32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nstask32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsupdate.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntvdm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntxconfig.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nupgrade.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvarch16.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvc95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwinst4.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwservice.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwtool16.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OAcat.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OAhlp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OAReg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\oasrv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\oaui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\oaview.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OcHealthMon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ODSW.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ollydbg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OLT.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\onsrvr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\optimize.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ostronet.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\otfix.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostinstall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostproinstall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ozn695m5.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\panixk.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\patch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavcl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavFnSvr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavsched.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavsrv51.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin98.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcfwallicon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcip10117_0.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsGui.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PC_Antispyware2010.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdfndr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdsetup.exe]
"Debugger"=svchost.exe


sanzoneedsahug

Rookie Surfer
Rookie Surfer

Posts : 96
Joined : 2009-08-10
Operating System : XP

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by sanzoneedsahug on Sat 12 Feb 2011, 4:30 pm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdsetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PerAvir.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\periscope.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\persfw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\personalguard]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\personalguard.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perswf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pf2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwadmin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pgmonitr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pingscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\platin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pop3trap.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\poproxy.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\popscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portdetective.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portmonitor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\powerscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppinupdt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pptbc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppvstop.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prizesurfer.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmvr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procdump.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\processmonitor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexplorerv1.0.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\programauditor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\proport.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\protector.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\protectx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSANCU.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSANHost.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSANToManager.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PsCtrls.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PsImSvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PskSvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pspf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSUNMain.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\purge.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qconsole.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qh.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qserver.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Quick Heal.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QuickHealCleaner.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav7.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav7win.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav8win32eng.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rb32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcsync.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\realmon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reged.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rrguard.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rscdwld.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rshell.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscn95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rulaunch.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rwg]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rwg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SafetyKeeper.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeweb.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sahagent.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Save.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveArmor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveDefense.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SaveKeep.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\savenow.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scam32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scanpm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scrscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\seccenter.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Secure Veteran.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\secureveteran.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Security Center.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SecurityFighter.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\securitysoldier.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\serv95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setloadorder.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setupvameeval.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup_flowprotector_us.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sgssfw32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sh.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shellspyinstall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shield.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shn.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\showbehind.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\signcheck.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smart.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartprotector.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smrtdefp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sms.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smss32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\snetcfg.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\soap.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sofi.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SoftSafeness.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sperm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spf.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sphinx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoler.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolcv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spywarexpguard.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spyxx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srexe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srng.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ss3edit.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssgrate.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssg_4104.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\st2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\start.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\stcloader.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\supftrl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\support.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\supporter5.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svchostc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svchosts.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svshost.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sweep95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sweepnet.sweepsrv.sys.swnetsup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symproxysvc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symtray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysupd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tapinstall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taumon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tbscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tca.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds-3.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2-98.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2-nt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\teekids.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tfak.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tfak5.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tgbob.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\titanin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\titaninxp.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TPSrv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trickler.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trjscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trjsetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojantrap3.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrustWarrior.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tsadbot.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tsc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tvmd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tvtmd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\undoboot.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updat.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upgrad.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upgrepl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\utpost.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbust.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbwin9x.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbwinntw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vcsetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet95.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vettray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vfsetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vir-help.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusmdpersonalfirewall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthLic.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthUpd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vnlan300.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vnpc3000.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vpc32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vpc42.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vpfw30s.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vptray.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vscan40.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vscenu6.02d30.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsched.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsecomr.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vshwin32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsisetup.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmain.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsstat.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vswin9xe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vswinntse.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vswinperse.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\w32dsm89.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\W3asbas.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\w9x.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\watchdog.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webdav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WebProxy.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscanx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webtrap.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wfindv32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whoswatchingme.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wimmun32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\win-bugsfix.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\win32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\win32us.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winactive.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windll32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\window.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windows Police Pro.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\windows.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wininetd.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wininitx.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winlogin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winmain.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winppr32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winrecon.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winservn.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winss.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winssk32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winssnotify.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinSSUI.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winstart.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winstart001.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wintsk32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winupdate.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wkufind.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wnad.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wnt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wradmin.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrctrl.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsbgate.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscfxas.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscfxav.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscfxfw.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wupdater.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wupdt.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wyvernworksfirewall.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xpdeluxe.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xpf202en.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xp_antispyware.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapsetup3001.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zatutor.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zonalm2601.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zonealarm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avp32.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avpcc.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avpm.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~1.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~2.exe]
"Debugger"=svchost.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-04-17 18:40 0 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-04-18 19:20 88363 ----a-w- c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-12-06 16:24 954880 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 08:07 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 08:19 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2003-01-03 00:16 172032 ------w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2009-10-24 10:18 597792 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-14 08:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\291d76\\SI291_302.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2010 9:36 AM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2010 9:36 AM 19024]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [4/2/2010 12:38 PM 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [4/2/2010 12:40 PM 113448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2010 8:41 PM 135664]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 1:57 PM 268528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 04:40]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 04:40]

2011-02-12 c:\windows\Tasks\User_Feed_Synchronization-{93310872-A2E0-4B31-BDAC-E84A12266250}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:25446
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-02-11 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WTouch\WTouchUser.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Completion time: 2011-02-11 21:26:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-12 05:26

Pre-Run: 41,602,830,336 bytes free
Post-Run: 42,250,997,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 44AF0BA75E789F31990201A53266F2D1

sanzoneedsahug

Rookie Surfer
Rookie Surfer

Posts : 96
Joined : 2009-08-10
Operating System : XP

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by Belahzur on Sun 13 Feb 2011, 11:19 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    SecCenter::
    {DE317748-52B2-4BB1-B4D1-B48E74E0996E}
    {E1E856FE-889E-45D5-8454-8E9F86082803}

    Folder::
    c:\documents and settings\All Users\Application Data\291d76

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smart Internet Protection 2011"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\All Users\\Application Data\\291d76\\SI291_302.exe"=-

    FileLook::
    c:\windows\system32\isign32.dll

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:25446

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by sanzoneedsahug on Fri 11 Mar 2011, 3:00 pm

Thanks for the promt reply!! Here's the log!

ComboFix 11-03-10.02 - Owner 03/10/2011 19:43:47.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.191 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\291d76
c:\documents and settings\All Users\Application Data\291d76\291d76d2af2f9699f11937aae806c4f5.ocx
c:\documents and settings\All Users\Application Data\291d76\SI291_302.exe
c:\documents and settings\All Users\Application Data\291d76\SIP.ico
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Internet Protection 2011.lnk
c:\documents and settings\Owner\Application Data\Smart Internet Protection 2011
c:\documents and settings\Owner\Desktop\Smart Internet Protection 2011.lnk
c:\documents and settings\Owner\Recent\ANTIGEN.dll
c:\documents and settings\Owner\Recent\ANTIGEN.drv
c:\documents and settings\Owner\Recent\ANTIGEN.exe
c:\documents and settings\Owner\Recent\ANTIGEN.sys
c:\documents and settings\Owner\Recent\ANTIGEN.tmp
c:\documents and settings\Owner\Recent\cb.dll
c:\documents and settings\Owner\Recent\cb.drv
c:\documents and settings\Owner\Recent\cb.sys
c:\documents and settings\Owner\Recent\cb.tmp
c:\documents and settings\Owner\Recent\cid.dll
c:\documents and settings\Owner\Recent\cid.exe
c:\documents and settings\Owner\Recent\cid.sys
c:\documents and settings\Owner\Recent\cid.tmp
c:\documents and settings\Owner\Recent\CLSV.dll
c:\documents and settings\Owner\Recent\CLSV.drv
c:\documents and settings\Owner\Recent\CLSV.exe
c:\documents and settings\Owner\Recent\CLSV.sys
c:\documents and settings\Owner\Recent\CLSV.tmp
c:\documents and settings\Owner\Recent\DBOLE.dll
c:\documents and settings\Owner\Recent\DBOLE.drv
c:\documents and settings\Owner\Recent\DBOLE.exe
c:\documents and settings\Owner\Recent\DBOLE.sys
c:\documents and settings\Owner\Recent\DBOLE.tmp
c:\documents and settings\Owner\Recent\ddv.dll
c:\documents and settings\Owner\Recent\ddv.exe
c:\documents and settings\Owner\Recent\ddv.sys
c:\documents and settings\Owner\Recent\ddv.tmp
c:\documents and settings\Owner\Recent\delfile.drv
c:\documents and settings\Owner\Recent\delfile.exe
c:\documents and settings\Owner\Recent\delfile.sys
c:\documents and settings\Owner\Recent\dudl.dll
c:\documents and settings\Owner\Recent\dudl.drv
c:\documents and settings\Owner\Recent\eb.dll
c:\documents and settings\Owner\Recent\eb.drv
c:\documents and settings\Owner\Recent\eb.exe
c:\documents and settings\Owner\Recent\eb.sys
c:\documents and settings\Owner\Recent\eb.tmp
c:\documents and settings\Owner\Recent\energy.dll
c:\documents and settings\Owner\Recent\energy.drv
c:\documents and settings\Owner\Recent\energy.exe
c:\documents and settings\Owner\Recent\energy.sys
c:\documents and settings\Owner\Recent\energy.tmp
c:\documents and settings\Owner\Recent\exec.dll
c:\documents and settings\Owner\Recent\exec.drv
c:\documents and settings\Owner\Recent\exec.exe
c:\documents and settings\Owner\Recent\exec.sys
c:\documents and settings\Owner\Recent\exec.tmp
c:\documents and settings\Owner\Recent\fan.dll
c:\documents and settings\Owner\Recent\fan.drv
c:\documents and settings\Owner\Recent\fan.sys
c:\documents and settings\Owner\Recent\fan.tmp
c:\documents and settings\Owner\Recent\fix.drv
c:\documents and settings\Owner\Recent\fix.exe
c:\documents and settings\Owner\Recent\fix.sys
c:\documents and settings\Owner\Recent\FS.dll
c:\documents and settings\Owner\Recent\FS.drv
c:\documents and settings\Owner\Recent\FS.tmp
c:\documents and settings\Owner\Recent\FW.drv
c:\documents and settings\Owner\Recent\FW.sys
c:\documents and settings\Owner\Recent\gid.dll
c:\documents and settings\Owner\Recent\grid.dll
c:\documents and settings\Owner\Recent\grid.drv
c:\documents and settings\Owner\Recent\grid.exe
c:\documents and settings\Owner\Recent\grid.tmp
c:\documents and settings\Owner\Recent\hymt.drv
c:\documents and settings\Owner\Recent\hymt.exe
c:\documents and settings\Owner\Recent\hymt.sys
c:\documents and settings\Owner\Recent\hymt.tmp
c:\documents and settings\Owner\Recent\kernel32.dll
c:\documents and settings\Owner\Recent\kernel32.drv
c:\documents and settings\Owner\Recent\kernel32.exe
c:\documents and settings\Owner\Recent\kernel32.sys
c:\documents and settings\Owner\Recent\kernel32.tmp
c:\documents and settings\Owner\Recent\pal.exe
c:\documents and settings\Owner\Recent\pal.sys
c:\documents and settings\Owner\Recent\pal.tmp
c:\documents and settings\Owner\Recent\PE.dll
c:\documents and settings\Owner\Recent\PE.drv
c:\documents and settings\Owner\Recent\PE.exe
c:\documents and settings\Owner\Recent\PE.sys
c:\documents and settings\Owner\Recent\PE.tmp
c:\documents and settings\Owner\Recent\ppal.dll
c:\documents and settings\Owner\Recent\ppal.drv
c:\documents and settings\Owner\Recent\ppal.exe
c:\documents and settings\Owner\Recent\ppal.sys
c:\documents and settings\Owner\Recent\runddl.dll
c:\documents and settings\Owner\Recent\runddl.drv
c:\documents and settings\Owner\Recent\runddl.tmp
c:\documents and settings\Owner\Recent\runddlkey.dll
c:\documents and settings\Owner\Recent\runddlkey.drv
c:\documents and settings\Owner\Recent\runddlkey.exe
c:\documents and settings\Owner\Recent\runddlkey.sys
c:\documents and settings\Owner\Recent\runddlkey.tmp
c:\documents and settings\Owner\Recent\SICKBOY.exe
c:\documents and settings\Owner\Recent\SICKBOY.sys
c:\documents and settings\Owner\Recent\SICKBOY.tmp
c:\documents and settings\Owner\Recent\sld.dll
c:\documents and settings\Owner\Recent\sld.exe
c:\documents and settings\Owner\Recent\sld.sys
c:\documents and settings\Owner\Recent\sld.tmp
c:\documents and settings\Owner\Recent\SM.exe
c:\documents and settings\Owner\Recent\SM.tmp
c:\documents and settings\Owner\Recent\snl2w.drv
c:\documents and settings\Owner\Recent\snl2w.exe
c:\documents and settings\Owner\Recent\snl2w.sys
c:\documents and settings\Owner\Recent\std.dll
c:\documents and settings\Owner\Recent\std.sys
c:\documents and settings\Owner\Recent\tempdoc.dll
c:\documents and settings\Owner\Recent\tempdoc.exe
c:\documents and settings\Owner\Recent\tempdoc.sys
c:\documents and settings\Owner\Recent\tempdoc.tmp
c:\documents and settings\Owner\Recent\tjd.dll
c:\documents and settings\Owner\Recent\tjd.drv
c:\documents and settings\Owner\Recent\tjd.exe
c:\documents and settings\Owner\Recent\tjd.sys
c:\documents and settings\Owner\Recent\tjd.tmp
c:\documents and settings\Owner\Start Menu\Programs\Smart Internet Protection 2011.lnk
c:\documents and settings\Owner\Start Menu\Smart Internet Protection 2011.lnk
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 03:33 . 2011-03-11 03:36 -------- d-----w- c:\windows\LastGood.Tmp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\isign32.dll ---
Company: Microsoft Corporation
File Description: Internet Signup
File Version: 6.00.2900.6052 (xpsp_sp3_gdr.101118-1624)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ISIGN32.DLL
File size: 81920
Created time: 2000-01-29 09:56
Modified time: 2010-11-18 18:12
MD5: 307F639EB11C2E98DFE3A21090811869
SHA1: C63AC84F1FCD8B04D74670AE44709AB25D6CA5FF
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-04-17 18:40 0 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-04-18 19:20 88363 ----a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-12-06 16:24 954880 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 08:07 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 08:19 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2003-01-03 00:16 172032 ------w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2009-10-24 10:18 597792 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-14 08:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2010 9:36 AM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2010 9:36 AM 19024]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [4/2/2010 12:38 PM 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [4/2/2010 12:40 PM 113448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2010 8:41 PM 135664]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 1:57 PM 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 04:40]
.
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 04:40]
.
2011-03-11 c:\windows\Tasks\User_Feed_Synchronization-{93310872-A2E0-4B31-BDAC-E84A12266250}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-03-10 19:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1496)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WTouch\WTouchUser.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Completion time: 2011-03-10 19:58:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-11 03:57
ComboFix2.txt 2011-02-12 05:26
.
Pre-Run: 42,072,399,872 bytes free
Post-Run: 42,082,668,544 bytes free
.
- - End Of File - - 8E3166DF1B0E3616AB4AF72E837C4F7B

sanzoneedsahug

Rookie Surfer
Rookie Surfer

Posts : 96
Joined : 2009-08-10
Operating System : XP

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by Belahzur on Sat 12 Mar 2011, 11:12 am

Okay looking better, still a few things to be done though.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Smart Internet Protection Virus removal; please help.

Post by Sponsored content Today at 9:39 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum