Forum Home
Press F1
Thread ID: 88237	2008-03-20 07:30:00	Virus, Trojan, Spyware infection	colinf (13530)	Press F1

Post ID	Timestamp	Content	User
651901	2008-03-22 06:19:00	Whoops . . . sorry, no I did not se your post . This will fix things up for you . . Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes . Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT . O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - (no file) O4 - HKLM\ . . \Run: [Driver Extbn] C:\WINNT\system32\Driver Exden . exe O4 - HKLM\ . . \Policies\Explorer\Run: [zhqb_df] rundll32 . exe C:\WINNT\system\zhqbdf080305 . dll mymain O4 - HKLM\ . . \Policies\Explorer\Run: [zsms] rundll32 . exe C:\WINNT\system32\mcdsrv16_080304 . dll start Reboot . . . . . ============================= Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions . It's IMPORTANT to carry out the instructions in the sequence listed below . 1 . Close any open browsers . 2 . Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix . Open *notepad* and copy/paste the text in the quotebox below into it: Killall:: File:: C:\WINNT\SYSTEM32\XSSCNDNJKEZA C:\WINNT\SYSTEM32\tmp . reg C:\WINNT\zuoyu16 . ini C:\WINNT\SYSTEM32\mywehit . ini . tmp C:\WINNT\SYSTEM32\tmpcj0 . exe C:\WINNT\SYSTEM32\tmpcj2 . exe C:\WINNT\system\zhqbdf080305 . dll C:\WINNT\system32\mcdsrv16_080304 . dll Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run] "zhqb_df"=- "zsms"=- Save this as CFScript . txt, in the same location as ComboFix . exe which is on the Desktop . . pandora . be/bluepatchy/miekiemoes/images/CFScript . gif" target="_blank">users . pandora . be Refering to the picture above, drag CFScript . txt into ComboFix . exe When finished, it shall produce a log for you at C:\ComboFix . txt Please copy and paste the ComboFix . txt along with a fresh HijackThis log in your next reply please . *Note: Do not mouseclick combofix's window whilst it's running . That may cause it to stall*	Pancake (6359)
651902	2008-03-22 08:16:00	Hi I have done as you've asked, Pancake . The log are below . ComboFix 08-03-20 . 5 - Doug McLaren 22/03/2008 20:57:00 . 2 - NTFSx86 Microsoft Windows 2000 Professional 5 . 0 . 2195 . 4 . 1252 . 1 . 1033 . 18 . 113 [GMT 12:00] Running from: C:\Documents and Settings\Doug McLaren . DOUGHOME\Desktop\ComboFix . exe Command switches used :: C:\Documents and Settings\Doug McLaren . DOUGHOME\Desktop\CFScript . txt FILE :: C:\WINNT\system\zhqbdf080305 . dll C:\WINNT\system32\mcdsrv16_080304 . dll C:\WINNT\SYSTEM32\mywehit . ini . tmp C:\WINNT\SYSTEM32\tmp . reg C:\WINNT\SYSTEM32\tmpcj0 . exe C:\WINNT\SYSTEM32\tmpcj2 . exe C:\WINNT\SYSTEM32\XSSCNDNJKEZA C:\WINNT\zuoyu16 . ini . TimedOut: Windir . dat TimedOut: progfile . dat ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINNT\SYSTEM32\mywehit . ini . tmp C:\WINNT\SYSTEM32\tmp . reg C:\WINNT\SYSTEM32\tmpcj0 . exe C:\WINNT\SYSTEM32\tmpcj2 . exe C:\WINNT\SYSTEM32\XSSCNDNJKEZA C:\WINNT\zuoyu16 . ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ACPIDISK -------\Legacy_MS_2FAX -------\Legacy_MXDISPDR -------\Legacy_RPCS -------\Legacy_WAMER ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))) . 2008-03-20 20:45 . 08-03-22 20:44 742,368 ---h----- C:\WINNT\ShellIconCache 2008-03-20 09:57 . 06-03-01 01:00 158,208 --a------ C:\WINNT\SYSTEM32\mscfg . exe 2008-03-16 09:47 . 08-03-16 09:47 <DIR> d-------- C:\kav 2008-03-15 21:40 . 08-03-16 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-15 16:47 . 08-03-14 08:09 86,528 --a------ C:\WINNT\SYSTEM32\VACFix . exe 2008-03-14 16:25 . 08-03-14 16:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Uniblue 2008-03-11 15:59 . 08-03-11 15:59 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-11 14:25 . 08-03-11 14:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\F-Secure 2008-03-11 14:14 . 08-03-16 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-03-11 14:13 . 08-03-16 09:40 <DIR> d-------- C:\Program Files\F-Secure Internet Security 2008-03-11 14:11 . 08-03-11 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-03-09 19:31 . 08-03-09 19:31 <DIR> d-------- C:\Program Files\Alwil Software 2008-03-09 19:31 . 03-03-19 07:20 1,060,864 --a------ C:\WINNT\SYSTEM32\MFC71 . dll 2008-03-09 15:12 . 08-03-09 15:22 <DIR> d-------- C:\Program Files\Safer Networking 2008-03-09 09:50 . 08-03-09 09:50 0 --a------ C:\WINNT\pestpatrol5 . INI 2008-03-09 09:47 . 08-03-09 09:47 <DIR> d-------- C:\Documents and Settings\DOUGMC~1~DOU\LOCALS~1 2008-03-08 15:45 . 08-03-08 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-03-08 15:44 . 08-03-08 15:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Comodo 2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2008-03-08 15:29 . 08-03-16 10:28 <DIR> d-------- C:\Program Files\Comodo 2008-03-07 09:32 . 08-03-07 09:32 14 --a------ C:\WINNT\SYSTEM32\-6-113-16-44 2008-03-07 09:12 . 08-03-07 09:21 <DIR> d-------- C:\Program Files\Free Window Registry Repair 2008-03-06 20:44 . 08-03-06 20:44 <DIR> d-------- C:\Temp\SmitfraudFix 2008-03-06 20:44 . 07-09-05 22:22 289,144 --a------ C:\WINNT\SYSTEM32\VCCLSID . exe 2008-03-06 20:44 . 06-04-27 15:49 288,417 --a------ C:\WINNT\SYSTEM32\SrchSTS . exe 2008-03-06 20:44 . 08-01-27 13:37 81,920 --a------ C:\WINNT\SYSTEM32\IEDFix . exe 2008-03-06 20:44 . 03-06-05 19:13 53,248 --a------ C:\WINNT\SYSTEM32\Process . exe 2008-03-06 20:44 . 04-07-31 16:50 51,200 --a------ C:\WINNT\SYSTEM32\dumphive . exe 2008-03-06 20:44 . 07-10-03 22:36 25,600 --a------ C:\WINNT\SYSTEM32\WS2Fix . exe 2008-03-06 14:52 . 08-03-06 20:47 <DIR> d-------- C:\Temp\backups 2008-03-06 14:44 . 08-03-06 20:45 <DIR> d-------- C:\Temp 2008-03-06 14:44 . 07-06-01 10:11 1,308,216 --a------ C:\Temp\HiJackThis_v2 . exe 2008-03-06 13:31 . 08-03-06 15:18 842 --a------ C:\WINNT\SYSTEM32\ActiveInfo . ini 2008-03-05 18:57 . 08-03-05 18:57 15 --a------ C:\WINNT\SYSTEM32\licon . dat 2008-03-05 18:09 . 08-03-06 13:33 248 --a------ C:\WINNT\ie . ini 2008-03-05 18:04 . 08-03-11 19:40 <DIR> d-------- C:\Program Files\winp 2008-03-05 17:56 . 08-03-05 17:56 134 --a------ C:\WINNT\checkcj . ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-03-22 08:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-22 08:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-21 07:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-20 23:06 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\U3 2008-03-16 22:18 --------- d-----w C:\Program Files\Windows Messaging 2008-03-15 23:41 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-03-15 23:41 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\SUPERAntiSpyware . com 2008-03-05 06:06 16,896 ----a-w C:\WINNT\FireFoxUpdater . exe 2008-02-11 08:09 --------- d-----w C:\Program Files\Google 2001-05-07 19:00 32,528 ------w C:\WINNT\INF\WBFIRDMA . SYS . ((((((((((((((((((((((((((((( snapshot@Fri 2008-03-21_20 . 26 . 21 . 10 ))))))))))))))))))))))))))))))))))))))))) . - 2007-04-08 05:20:28 221,632 ----a-w C:\WINNT\SYSTEM32\FNTCACHE . DAT + 2008-03-22 08:45:55 227,208 ----a-w C:\WINNT\SYSTEM32\FNTCACHE . DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis . exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Synchronization Manager"="mobsync . exe" [03-06-20 07:05 111376 C:\WINNT\SYSTEM32\mobsync . exe] "Driver Extbn"="C:\WINNT\system32\Driver Exden . exe" [ ] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Microsoft Find Fast . lnk - C:\Program Files\Microsoft Office\Office\FINDFAST . EXE [1996-11-21 115200] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run] "zhqb_df"= rundll32 . exe C:\WINNT\system\zhqbdf080305 . dll mymain "zsms"= rundll32 . exe C:\WINNT\system32\mcdsrv16_080304 . dll start [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\10 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\22 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\23 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\60e41 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ADVXDWIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALOGSERV] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AMON9X] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\an006 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti - trojan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiArp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivir] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATCON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AtiSrv . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATUPDATER] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoTrace] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvgServ] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGSERV9] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGW] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvkServ] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpnt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avrep32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWINNT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITOR9X] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITORNT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXQUAR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXW] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BullGuard] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgWiz] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfind . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95ct . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clrav . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMGRDIAN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CONNECTIONMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CPDClnt] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CTRL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\d39 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dbghlp32 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DEFWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dodolook_7513 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DOORS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfc1 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95_o . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFINET32 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFPEADM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eREAD . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ETRUSTCIPE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EVPN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPERT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - agnt95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - stopw . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filemon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp - win . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT95 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frhhusyk . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBPOLL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GENERICS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\haZl0oh . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSTATS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmoon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icssuppnt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISRV95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jed . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn . SCR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kbfz . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpf . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFWSvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair . COM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1 . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Kvsc3 . exE] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP_1 . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch . exe] Debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kzdh@webbrowser-lyrics_2012 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDPROMENU] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDSCAN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdownadvanced . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUSPT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcafee] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMNHDLR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCTOOL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUPDATE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSRTE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSSHLD] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MGHTML] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MINILOG] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Monitor . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSERVICE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msyaxk . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mycc080223 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my_200801 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my_70218 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVENGNAVEX15] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navrunr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsched . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeoWatchLog] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nspclean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTVDM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTXconfig] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVSVC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWService] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWTOOL16] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\offguard . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PADMIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavmail . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccmain . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcntmon] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\peer . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\per . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Performance . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pertsk . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perupd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervac . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervacd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwagent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwcon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POP3TRAP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POPROXY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PORTMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pqremove . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROCESSMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROGRAMAUDITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\REALMON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RKUnHooker . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rpcs . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RTVSCN95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RULAUNCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rundll . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhost . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesa . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesb . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesc . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesd . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPYXX] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SS3EDIT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SSDPDiscovv . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svchosts . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svsh0st . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SweepNet] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWNETSUP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SymProxySvc] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SYMTRAY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysloader . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TAUMON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS - 3] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - 98 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - nt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp3 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFAK] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32upd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thav . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thmail . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VbCons] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VCONTROL . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET32 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet98 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VIR - HELP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSMAIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsscan40 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WATCHDOG] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBTRAP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WGFE95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wiasoisao . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WIMMUN32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wincheck080127 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wincom . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winnir . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinserviceExten . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WSockDrv32 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xin . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPD . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPPRG . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPS . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZCAP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zlclient . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zyxpRes080217 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-] "Driver Extbn"=C:\WINNT\system32\Driver Exden . exe R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttr ak . sys [01-04-26 16:00 ] R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_7 00 . sys [99-09-25 11:11 ] R0 IntelATA;Intel Ultra ATA Controller;C:\WINNT\system32\DRIVERS\IntelAta . sys [01-03-23 00:00 ] R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k . sys [01-06-08 09:25 ] R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\msikbd2k . sys	colinf (13530)
651903	2008-03-22 08:51:00	Ok . This will be the last fix . . Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes . Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT . O4 - HKLM\ . . \Policies\Explorer\Run: [zhqb_df] rundll3 2 . exe C:\WINNT\system\zhqbdf080305 . dll mymain O4 - HKLM\ . . \Policies\Explorer\Run: [zsms] rundll3 2 . exe C:\WINNT\system32\mcdsrv16_080304 . dll start Reboot . . . . ========================== Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions . It's IMPORTANT to carry out the instructions in the sequence listed below . 1 . Close any open browsers . 2 . Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix . Open *notepad* and copy/paste the text in the quotebox below into it: Killall:: Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run] "zhqb_df"=- "zsms"=- Save this as CFScript . txt, in the same location as ComboFix . exe which is on the Desktop . . pandora . be/bluepatchy/miekiemoes/images/CFScript . gif" target="_blank">users . pandora . be Refering to the picture above, drag CFScript . txt into ComboFix . exe When finished, it shall produce a log for you at C:\ComboFix . txt Please copy and paste the ComboFix . txt along with a fresh HijackThis log in your next reply please . *Note: Do not mouseclick combofix's window whilst it's running . That may cause it to stall*	Pancake (6359)
651904	2008-03-22 09:30:00	Hi Pancake, I note that the registry key you have given me contains a space between the second r of ..\currentversion\.. and the e. I assume this is a typo. Colin :confused:	colinf (13530)
651905	2008-03-22 10:14:00	Hi Pancake, latest logs are below . I have noticed a couple of things that may interest you . When I start Combofix, and immediately after Combofix starts after rebooting, a Widnows error message dialog appears on the screen . The dialog is titled "Registry Editor Error" And the text of the message is "Cannot import Region . dat: Not all data was successfully written to the registry . Some keys are open by the System or another process . " Also after Combofix has rebooted there is a message in the combo fix window that says "Cannot find c:\winnt\regedit . exe" . However it is there because I have just checked! Colin ComboFix 08-03-20 . 5 - Doug McLaren 22/03/2008 22:47:07 . 3 - NTFSx86 Running from: C:\Documents and Settings\Doug McLaren . DOUGHOME\Desktop\ComboFix . exe Command switches used :: C:\Documents and Settings\Doug McLaren . DOUGHOME\Desktop\cfscript . txt . TimedOut: Windir . dat TimedOut: progfile . dat ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))) . 2008-03-20 20:45 . 08-03-22 22:40 742,368 ---h----- C:\WINNT\ShellIconCache 2008-03-20 09:57 . 06-03-01 01:00 158,208 --a------ C:\WINNT\SYSTEM32\mscfg . exe 2008-03-16 09:47 . 08-03-16 09:47 <DIR> d-------- C:\kav 2008-03-15 21:40 . 08-03-16 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-15 16:47 . 08-03-14 08:09 86,528 --a------ C:\WINNT\SYSTEM32\VACFix . exe 2008-03-14 16:25 . 08-03-14 16:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Uniblue 2008-03-11 15:59 . 08-03-11 15:59 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-11 14:25 . 08-03-11 14:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\F-Secure 2008-03-11 14:14 . 08-03-16 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-03-11 14:13 . 08-03-16 09:40 <DIR> d-------- C:\Program Files\F-Secure Internet Security 2008-03-11 14:11 . 08-03-11 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-03-09 19:31 . 08-03-09 19:31 <DIR> d-------- C:\Program Files\Alwil Software 2008-03-09 19:31 . 03-03-19 07:20 1,060,864 --a------ C:\WINNT\SYSTEM32\MFC71 . dll 2008-03-09 15:12 . 08-03-09 15:22 <DIR> d-------- C:\Program Files\Safer Networking 2008-03-09 09:50 . 08-03-09 09:50 0 --a------ C:\WINNT\pestpatrol5 . INI 2008-03-09 09:47 . 08-03-09 09:47 <DIR> d-------- C:\Documents and Settings\DOUGMC~1~DOU\LOCALS~1 2008-03-08 15:45 . 08-03-08 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-03-08 15:44 . 08-03-08 15:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Comodo 2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2008-03-08 15:29 . 08-03-16 10:28 <DIR> d-------- C:\Program Files\Comodo 2008-03-07 09:32 . 08-03-07 09:32 14 --a------ C:\WINNT\SYSTEM32\-6-113-16-44 2008-03-07 09:12 . 08-03-07 09:21 <DIR> d-------- C:\Program Files\Free Window Registry Repair 2008-03-06 20:44 . 08-03-06 20:44 <DIR> d-------- C:\Temp\SmitfraudFix 2008-03-06 20:44 . 07-09-05 22:22 289,144 --a------ C:\WINNT\SYSTEM32\VCCLSID . exe 2008-03-06 20:44 . 06-04-27 15:49 288,417 --a------ C:\WINNT\SYSTEM32\SrchSTS . exe 2008-03-06 20:44 . 08-01-27 13:37 81,920 --a------ C:\WINNT\SYSTEM32\IEDFix . exe 2008-03-06 20:44 . 03-06-05 19:13 53,248 --a------ C:\WINNT\SYSTEM32\Process . exe 2008-03-06 20:44 . 04-07-31 16:50 51,200 --a------ C:\WINNT\SYSTEM32\dumphive . exe 2008-03-06 20:44 . 07-10-03 22:36 25,600 --a------ C:\WINNT\SYSTEM32\WS2Fix . exe 2008-03-06 14:52 . 08-03-06 20:47 <DIR> d-------- C:\Temp\backups 2008-03-06 14:44 . 08-03-06 20:45 <DIR> d-------- C:\Temp 2008-03-06 14:44 . 07-06-01 10:11 1,308,216 --a------ C:\Temp\HiJackThis_v2 . exe 2008-03-06 13:31 . 08-03-06 15:18 842 --a------ C:\WINNT\SYSTEM32\ActiveInfo . ini 2008-03-05 18:57 . 08-03-05 18:57 15 --a------ C:\WINNT\SYSTEM32\licon . dat 2008-03-05 18:09 . 08-03-06 13:33 248 --a------ C:\WINNT\ie . ini 2008-03-05 18:04 . 08-03-11 19:40 <DIR> d-------- C:\Program Files\winp 2008-03-05 17:56 . 08-03-05 17:56 134 --a------ C:\WINNT\checkcj . ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-03-22 09:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-22 08:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-21 07:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-20 23:06 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\U3 2008-03-16 22:18 --------- d-----w C:\Program Files\Windows Messaging 2008-03-15 23:41 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-03-15 23:41 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\SUPERAntiSpyware . com 2008-03-05 06:06 16,896 ----a-w C:\WINNT\FireFoxUpdater . exe 2008-02-11 08:09 --------- d-----w C:\Program Files\Google 2001-05-07 19:00 32,528 ------w C:\WINNT\INF\WBFIRDMA . SYS . ((((((((((((((((((((((((((((( snapshot@Fri 2008-03-21_20 . 26 . 21 . 10 ))))))))))))))))))))))))))))))))))))))))) . - 2007-04-08 05:20:28 221,632 ----a-w C:\WINNT\SYSTEM32\FNTCACHE . DAT + 2008-03-22 08:45:55 227,208 ----a-w C:\WINNT\SYSTEM32\FNTCACHE . DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Synchronization Manager"="mobsync . exe" [03-06-20 07:05 111376 C:\WINNT\SYSTEM32\mobsync . exe] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Microsoft Find Fast . lnk - C:\Program Files\Microsoft Office\Office\FINDFAST . EXE [1996-11-21 115200] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run] "zhqb_df"= rundll32 . exe C:\WINNT\system\zhqbdf080305 . dll mymain "zsms"= rundll32 . exe C:\WINNT\system32\mcdsrv16_080304 . dll start [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\10 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\22 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\23 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\60e41 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ADVXDWIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALOGSERV] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AMON9X] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\an006 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti - trojan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiArp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivir] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATCON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AtiSrv . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATUPDATER] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoTrace] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvgServ] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGSERV9] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGW] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvkServ] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpnt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avrep32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWINNT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITOR9X] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITORNT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXQUAR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXW] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BullGuard] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgWiz] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfind . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95ct . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clrav . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMGRDIAN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CONNECTIONMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CPDClnt] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CTRL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\d39 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dbghlp32 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DEFWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dodolook_7513 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DOORS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfc1 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95_o . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFINET32 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFPEADM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eREAD . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ETRUSTCIPE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EVPN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPERT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - agnt95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - stopw . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filemon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp - win . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT95 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frhhusyk . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBPOLL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GENERICS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\haZl0oh . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSTATS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmoon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icssuppnt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISRV95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jed . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn . SCR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kbfz . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpf . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFWSvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair . COM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1 . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Kvsc3 . exE] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP_1 . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch . exe] Debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kzdh@webbrowser-lyrics_2012 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDPROMENU] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDSCAN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdownadvanced . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUSPT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcafee] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMNHDLR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCTOOL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUPDATE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSRTE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSSHLD] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MGHTML] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MINILOG] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Monitor . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSERVICE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msyaxk . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mycc080223 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my_200801 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my_70218 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVENGNAVEX15] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navrunr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsched . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeoWatchLog] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nspclean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTVDM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTXconfig] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVSVC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWService] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWTOOL16] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\offguard . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PADMIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavmail . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccmain . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcntmon] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\peer . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\per . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Performance . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pertsk . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perupd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervac . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervacd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwagent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwcon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POP3TRAP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POPROXY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PORTMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pqremove . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROCESSMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROGRAMAUDITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\REALMON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RKUnHooker . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rpcs . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RTVSCN95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RULAUNCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rundll . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhost . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesa . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesb . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesc . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesd . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPYXX] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SS3EDIT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SSDPDiscovv . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svchosts . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svsh0st . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SweepNet] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWNETSUP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SymProxySvc] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SYMTRAY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysloader . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TAUMON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS - 3] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - 98 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - nt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp3 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFAK] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32upd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thav . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thmail . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VbCons] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VCONTROL . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET32 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet98 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VIR - HELP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSMAIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsscan40 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WATCHDOG] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBTRAP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WGFE95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wiasoisao . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WIMMUN32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wincheck080127 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wincom . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winnir . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinserviceExten . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WSockDrv32 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xin . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPD . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPPRG . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPS . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZCAP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zlclient . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zyxpRes080217 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-] "Driver Extbn"=C:\WINNT\system32\Driver Exden . exe R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttr ak . sys [01-04-26 16:00 ] R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_7 00 . sys [99-09-25 11:11 ] R0 IntelATA;Intel Ultra ATA Controller;C:\WINNT\system32\DRIVERS\IntelAta . sys [01-03-23 00:00 ] R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k . sys [01-06-08 09:25 ] R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\msikbd2k . sys [00-06-06 13:51 ] R1 sxgbvswp;sxgbvswp;C:\WINNT\system32\drivers\sxgbvs wp . SYS [00-09-01 11:08 ] R2 3ComDMIService;3Com DMI Agent;C:\WINNT\System32\3Com_DMI\3CDMINIC . EXE [01-04-21 10:56 ] R2 ActionAgent;ActionAgent;C:\Program Files\Dell\OpenManage\Client\ActionAgent . exe [01-08-22 09:45 ] R2 BCAITDI;3Com BCAITDI DMI TDI;C:\WINNT\system32\DRIVERS\BCAItdi . sys [01-04-18 11:00 ] R2 DLT;DLT;C:\Program Files\Dell\OpenManage\Client\DLT . exe [01-08-22 09:45 ] R2 LogWatch;Event Log Watch;C:\WINNT\LogWatNT . exe [00-06-09 00:15 ] R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboar	colinf (13530)
651906	2008-03-22 21:58:00	Ok . Looks like we have a stuborn file that dont want to leave . Lets see if this moves it . Download The Avenger by Swandog46 from here ( . geekstogo . com/avenger2/download . php" target="_blank">swandog46 . geekstogo . com) . Unzip/extract it to a folder on your desktop . Double click on avenger . exe to run The Avenger . Click OK . Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it . Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C . Files to delete: C:\WINNT\system\zhqbdf080305 . dll C:\WINNT\system32\mcdsrv16_080304 . dll Folder to delete: C:\Program Files\winp In the avenger window, click the Paste Script from Clipboard, . imageshack . us/img220/8923/pastets4 . png" target="_blank">img220 . imageshack . us button . Click the Execute button . You will be asked Are you sure you want to execute the current script? . Click Yes . You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot . Reboot now? . Click Yes . Your PC will now be rebooted . Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation . If that is the case, it will force a BSOD on the first reboot . This is normal & expected behaviour . After your PC has completed the necessary reboots, a log should automatically open . If it does not automatically open, then the log can be found at %systemdrive%\avenger . txt (typically C:\avenger . txt) . Please post this log, along with a new HijackThis log in your next reply .	Pancake (6359)
651907	2008-03-22 23:18:00	Hi Avenger and HJT logs are below ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows 2000 (build 2195, Service Pack 4) Sun Mar 23 11:49:20 2008 11:49:20: Error: Invalid script . A valid script must begin with a command directive . Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows 2000 (build 2195, Service Pack 4) Sun Mar 23 11:50:56 2008 11:50:56: Error: Invalid script . A valid script must begin with a command directive . Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows 2000 (build 2195, Service Pack 4) Sun Mar 23 12:02:24 2008 12:02:24: Error: Invalid script . A valid script must begin with a command directive . Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows 2000 (build 2195, Service Pack 4) Sun Mar 23 12:03:44 2008 12:03:44: Error: Invalid script . A valid script must begin with a command directive . Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows 2000 (build 2195, Service Pack 4) Sun Mar 23 12:06:39 2008 12:06:39: Error: Invalid script . A valid script must begin with a command directive . Aborting execution! ////////////////////////////////////////// Logfile of The Avenger Version 2 . 0, (c) by Swandog46 http://swandog46 . geekstogo . com Platform: Windows 2000 ******************* Script file opened successfully . Script file read successfully . Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active . No rootkits found! Error: file "C:\WINNT\system\zhqbdf080305 . dll" not found! Deletion of file "C:\WINNT\system\zhqbdf080305 . dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINNT\system32\mcdsrv16_080304 . dll" not found! Deletion of file "C:\WINNT\system32\mcdsrv16_080304 . dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "Folder to delete:" not found! Deletion of file "Folder to delete:" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: "C:\Program Files\winp" is a folder, not a file! Deletion of file "C:\Program Files\winp" failed! Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory Completed script processing . ******************* Finished! Terminate . ================================ // // ===================== Logfile of Trend Micro HijackThis v2 . 0 . 2 Scan saved at 12:15:06 p . m . , on 23/03/08 Platform: Windows 2000 SP4 (WinNT 5 . 00 . 2195) MSIE: Internet Explorer v6 . 00 SP1 (6 . 00 . 2800 . 1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss . exe C:\WINNT\system32\winlogon . exe C:\WINNT\system32\services . exe C:\WINNT\system32\lsass . exe C:\WINNT\system32\svchost . exe C:\WINNT\system32\spoolsv . exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv . exe C:\WINNT\System32\3Com_DMI\3CDMINIC . EXE C:\Program Files\Dell\OpenManage\Client\ActionAgent . exe C:\WINNT\system32\svchost . exe C:\WINNT\system32\svchost . exe C:\DMI\WIN32\bin\DellDmi . exe C:\Program Files\Dell\OpenManage\Client\EventAgt . exe C:\Program Files\Dell\OpenManage\Client\DLT . exe C:\WINNT\System32\svchost . exe C:\Program Files\Dell\OpenManage\Client\Iap . exe C:\WINNT\LogWatNT . exe C:\WINNT\system32\svchost . exe C:\WINNT\system32\stisvc . exe C:\WINNT\system32\svchost . exe C:\WINNT\System32\WBEM\WinMgmt . exe C:\WINNT\Explorer . EXE C:\WINNT\system32\NOTEPAD . EXE C:\Program Files\Internet Explorer\IEXPLORE . EXE C:\Program Files\Trend Micro\HijackThis\crusty . exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1 . dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1 . dll O4 - HKLM\ . . \Run: [Synchronization Manager] mobsync . exe /logon O4 - HKLM\ . . \Policies\Explorer\Run: [zhqb_df] rundll32 . exe C:\WINNT\system\zhqbdf080305 . dll mymain O4 - HKLM\ . . \Policies\Explorer\Run: [zsms] rundll32 . exe C:\WINNT\system32\mcdsrv16_080304 . dll start O12 - Plugin for . mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin . dll O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - . org/iNotes6 . cab" target="_blank">unami-dpko . org O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - . microsoft . com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site . cab?1163119885019" target="_blank">update . microsoft . com O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC . EXE O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent . exe O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi . exe O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt . exe O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT . exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp . - C:\WINNT\System32\dmadmin . exe O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap . exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS . exe O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT . exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv . exe -- End of file - 3655 bytes	colinf (13530)
651908	2008-03-23 00:31:00	The files have gone but for some reason your computer still has them listed . . . . How is it running now ? Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions . It's IMPORTANT to carry out the instructions in the sequence listed below . 1 . Close any open browsers . 2 . Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix . Open *notepad* and copy/paste the text in the quotebox below into it: Killall:: File:: C:\WINNT\system\zhqbdf080305 . dll C:\WINNT\system32\mcdsrv16_080304 . dll c:\winnt\regedit . exe Folder: C:\Program Files\winp Save this as CFScript . txt, in the same location as ComboFix . exe which is on the Desktop . . pandora . be/bluepatchy/miekiemoes/images/CFScript . gif" target="_blank">users . pandora . be Refering to the picture above, drag CFScript . txt into ComboFix . exe When finished, it shall produce a log for you at C:\ComboFix . txt Please copy and paste the ComboFix . txt along with a fresh HijackThis log in your next reply please . *Note: Do not mouseclick combofix's window whilst it's running . That may cause it to stall* =================================== Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes . Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT . O4 - HKLM\ . . \Policies\Explorer\Run: [zhqb_df] rundll3 2 . exe C:\WINNT\system\zhqbdf080305 . dll mymain O4 - HKLM\ . . \Policies\Explorer\Run: [zsms] rundll3 2 . exe C:\WINNT\system32\mcdsrv16_080304 . dll start Reboot and post a new HJT log	Pancake (6359)
651909	2008-03-23 00:51:00	Copy the text the in the code box to notepad . Save it as fixreg . reg to your desktop . Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry . REGEDIT5 [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run] "zhqb_df"=- "zsms"=- After reboot post a new HJT log .	Pancake (6359)
651910	2008-03-23 03:16:00	Hi I have run the programs as requested . Combofix is still producing the "Registry Editor Error" as noted previously . The Combofix window also noted "Regedit is not recognised as an internal or external command, operable file, or batch file" Also when I double clicked on the fixreg . reg file I received the following message: "Cannot find c:\documents and setings\doughome\desktop\fixreg . reg (or one of its components) . make sure the path and filename are correct, and that all libraries are avaiable" As to the pc, well it is going faster in some respects . E . g . If I opened Winodws Explorer and clicked on the icon to expand the C:\Winnt folder tree it would take 20-30 seconds to respond, now it is almost instant, as it should be . However, when the pc boots, it proceeds fairly quickly to the logon screen but after entering the user and password, it shows the message "Loading your Settings" for 2-3 minutes before starting to show the desktop . I assume the registry is being loaded at this point . Before I started this thread, i . e . while I was still running Virus and Malware checks . I was getting a message at boot, saying my registry was full and needed its size increasing . When I went to increase the size, I found that I was increasing the size from 64MB to 128MB . I considered this to be an unusually large size for a pc that was just a basic word processor and emailer . So I ran a registry cleaning program . It found approx 5000 invalid program entries . I asked for these to be deleted, but on rerunning the reg cleaner, they had all returned . I decided to get regedit to delete them, but when i tried to run regedit, I got a file not found error . I went to its directory, C:\Winnt, and ran it from there, same message . Copied regedit to another directory, ran it again, same message . Renamed it and ran again, success . However, when I tried to delete the keys, I was not allowed to . Attempting to modify the keys was also a no go . I believe this problem still exists and may be stopping your attempts to modify the reistry and this is why the two entries you are trying to delete with HJT will not go . I hope these comments are helpful to you . The logs you requested follow . Colin ComboFix 08-03-20 . 5 - Doug McLaren 23/03/2008 14:35:06 . 4 - NTFSx86 Microsoft Windows 2000 Professional 5 . 0 . 2195 . 4 . 1252 . 1 . 1033 . 18 . 116 [GMT 12:00] Running from: C:\Documents and Settings\Doug McLaren . DOUGHOME\Desktop\ComboFix . exe Command switches used :: C:\Documents and Settings\Doug McLaren . DOUGHOME\Desktop\cfscript . txt FILE :: c:\winnt\regedit . exe C:\WINNT\system\zhqbdf080305 . dll C:\WINNT\system32\mcdsrv16_080304 . dll . TimedOut: Windir . dat TimedOut: progfile . dat ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\winnt\regedit . exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ACPIDISK -------\Legacy_MS_2FAX -------\Legacy_MXDISPDR -------\Legacy_RPCS -------\Legacy_WAMER ((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))) . 2008-03-20 20:45 . 08-03-22 23:19 742,368 ---h----- C:\WINNT\ShellIconCache 2008-03-20 09:57 . 06-03-01 01:00 158,208 --a------ C:\WINNT\SYSTEM32\mscfg . exe 2008-03-16 09:47 . 08-03-16 09:47 <DIR> d-------- C:\kav 2008-03-15 21:40 . 08-03-16 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-15 16:47 . 08-03-14 08:09 86,528 --a------ C:\WINNT\SYSTEM32\VACFix . exe 2008-03-14 16:25 . 08-03-14 16:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Uniblue 2008-03-11 15:59 . 08-03-11 15:59 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-11 14:25 . 08-03-11 14:25 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\F-Secure 2008-03-11 14:14 . 08-03-16 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-03-11 14:13 . 08-03-16 09:40 <DIR> d-------- C:\Program Files\F-Secure Internet Security 2008-03-11 14:11 . 08-03-11 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-03-09 19:31 . 08-03-09 19:31 <DIR> d-------- C:\Program Files\Alwil Software 2008-03-09 19:31 . 03-03-19 07:20 1,060,864 --a------ C:\WINNT\SYSTEM32\MFC71 . dll 2008-03-09 15:12 . 08-03-09 15:22 <DIR> d-------- C:\Program Files\Safer Networking 2008-03-09 09:50 . 08-03-09 09:50 0 --a------ C:\WINNT\pestpatrol5 . INI 2008-03-09 09:47 . 08-03-09 09:47 <DIR> d-------- C:\Documents and Settings\DOUGMC~1~DOU\LOCALS~1 2008-03-08 15:45 . 08-03-08 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-03-08 15:44 . 08-03-08 15:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\Comodo 2008-03-08 15:41 . 08-03-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2008-03-08 15:29 . 08-03-16 10:28 <DIR> d-------- C:\Program Files\Comodo 2008-03-07 09:32 . 08-03-07 09:32 14 --a------ C:\WINNT\SYSTEM32\-6-113-16-44 2008-03-07 09:12 . 08-03-07 09:21 <DIR> d-------- C:\Program Files\Free Window Registry Repair 2008-03-06 20:44 . 08-03-06 20:44 <DIR> d-------- C:\Temp\SmitfraudFix 2008-03-06 20:44 . 07-09-05 22:22 289,144 --a------ C:\WINNT\SYSTEM32\VCCLSID . exe 2008-03-06 20:44 . 06-04-27 15:49 288,417 --a------ C:\WINNT\SYSTEM32\SrchSTS . exe 2008-03-06 20:44 . 08-01-27 13:37 81,920 --a------ C:\WINNT\SYSTEM32\IEDFix . exe 2008-03-06 20:44 . 03-06-05 19:13 53,248 --a------ C:\WINNT\SYSTEM32\Process . exe 2008-03-06 20:44 . 04-07-31 16:50 51,200 --a------ C:\WINNT\SYSTEM32\dumphive . exe 2008-03-06 20:44 . 07-10-03 22:36 25,600 --a------ C:\WINNT\SYSTEM32\WS2Fix . exe 2008-03-06 14:52 . 08-03-06 20:47 <DIR> d-------- C:\Temp\backups 2008-03-06 14:44 . 08-03-06 20:45 <DIR> d-------- C:\Temp 2008-03-06 14:44 . 07-06-01 10:11 1,308,216 --a------ C:\Temp\HiJackThis_v2 . exe 2008-03-06 13:31 . 08-03-06 15:18 842 --a------ C:\WINNT\SYSTEM32\ActiveInfo . ini 2008-03-05 18:57 . 08-03-05 18:57 15 --a------ C:\WINNT\SYSTEM32\licon . dat 2008-03-05 18:09 . 08-03-06 13:33 248 --a------ C:\WINNT\ie . ini 2008-03-05 18:04 . 08-03-11 19:40 <DIR> d-------- C:\Program Files\winp 2008-03-05 17:56 . 08-03-05 17:56 134 --a------ C:\WINNT\checkcj . ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-03-22 09:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-22 08:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-21 07:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-20 23:06 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\U3 2008-03-16 22:18 --------- d-----w C:\Program Files\Windows Messaging 2008-03-15 23:41 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-03-15 23:41 --------- d-----w C:\Documents and Settings\Doug McLaren . DOUGHOME\Application Data\SUPERAntiSpyware . com 2008-03-05 06:06 16,896 ----a-w C:\WINNT\FireFoxUpdater . exe 2008-02-11 08:09 --------- d-----w C:\Program Files\Google . ((((((((((((((((((((((((((((( snapshot@Fri 2008-03-21_20 . 26 . 21 . 10 ))))))))))))))))))))))))))))))))))))))))) . - 2007-04-08 05:20:28 221,632 ----a-w C:\WINNT\SYSTEM32\FNTCACHE . DAT + 2008-03-22 08:45:55 227,208 ----a-w C:\WINNT\SYSTEM32\FNTCACHE . DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Synchronization Manager"="mobsync . exe" [03-06-20 07:05 111376 C:\WINNT\SYSTEM32\mobsync . exe] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Microsoft Find Fast . lnk - C:\Program Files\Microsoft Office\Office\FINDFAST . EXE [1996-11-21 115200] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run] "zhqb_df"= rundll32 . exe C:\WINNT\system\zhqbdf080305 . dll mymain "zsms"= rundll32 . exe C:\WINNT\system32\mcdsrv16_080304 . dll start [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\10 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\22 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\23 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\60e41 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ADVXDWIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALOGSERV] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AMON9X] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\an006 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti - trojan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiArp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivir] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATCON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AtiSrv . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATUPDATER] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoTrace] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvgServ] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGSERV9] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGW] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvkServ] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpnt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avrep32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWINNT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITOR9X] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITORNT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXQUAR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXW] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BullGuard] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgWiz] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfind . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95ct . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clrav . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMGRDIAN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CONNECTIONMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CPDClnt] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CTRL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\d39 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dbghlp32 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DEFWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dodolook_7513 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DOORS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfc1 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95_o . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFINET32 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFPEADM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eREAD . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ETRUSTCIPE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EVPN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPERT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - agnt95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - stopw . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filemon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp - win . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT95 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frhhusyk . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBPOLL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GENERICS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\haZl0oh . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSTATS] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmoon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icssuppnt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISRV95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jed . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn . SCR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kbfz . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpf . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFWSvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair . COM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1 . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Kvsc3 . exE] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP_1 . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch . exe] Debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kzdh@webbrowser-lyrics_2012 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDPROMENU] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDSCAN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdownadvanced . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUSPT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcafee] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMNHDLR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCTOOL] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUPDATE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSRTE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSSHLD] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MGHTML] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MINILOG] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Monitor . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSERVICE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msyaxk . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MWATCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mycc080223 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my_200801 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my_70218 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVENGNAVEX15] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navrunr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsched . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeoWatchLog] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nspclean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTVDM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTXconfig] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVSVC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWService] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWTOOL16] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\offguard . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PADMIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavmail . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccmain . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcntmon] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\peer . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\per . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Performance . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pertsk . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perupd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervac . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervacd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwagent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwcon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POP3TRAP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POPROXY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PORTMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pqremove . com] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROCESSMONITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROGRAMAUDITOR] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\REALMON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regmon . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RKUnHooker . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rpcs . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RTVSCN95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RULAUNCH] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rundll . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhost . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesa . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesb . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesc . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servciesd . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPYXX] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SS3EDIT] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SSDPDiscovv . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svchosts . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svsh0st . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SweepNet] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWNETSUP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SymProxySvc] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SYMTRAY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysloader . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TAUMON] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS - 3] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - 98 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - nt . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp3 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFAK] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32upd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thav . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd32 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thmail . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie . kxp] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VbCons] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VCONTROL . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET32 . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet98 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VIR - HELP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSMAIN] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsscan40 . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WATCHDOG] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscan . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBTRAP] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WGFE95] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wiasoisao . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WIMMUN32] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wincheck080127 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wincom . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\winnir . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinserviceExten . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean . exe] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WSockDrv32 . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xin . exe] debugger=C:\windows\system32\svchost . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAP . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPD . EXE] Debugger=C:\WINNT\system32\Driver Exden . exe [HKEY_LOCAL_MACHI	colinf (13530)
1 2 3 4 5 6