W32/Inject-APC

Category: Viruses and Spyware Protection available since:25 Sep 2013 19:56:07 (GMT)
Type: Win32 worm Last Updated:25 Sep 2013 19:56:07 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of W32/Inject-APC include:

Example 1

File Information

Size
1.5M
SHA-1
01eb263ea0ad9f870393da50345d602003e3b780
MD5
033849eac1293faf5b31a35a61a591f4
CRC-32
b121c672
File type
Windows executable
First seen
2013-09-20

Runtime Analysis

Dropped Files
  • F:/9DAEED8257A292D1F983/Desktop.ini
  • C:\Documents and Settings\All Users\Start Menu\Windows DVD Maker.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • F:/9DAEED8257A292D1F983/S-1-3-01-4631041401-1277863829-464015834-1505/F4E6CA734D8C9D9EAE.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • F:/9DAEED8257A292D1F983/S-1-3-01-4631041401-1277863829-464015834-1505/Desktop.ini
  • C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Center.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Update.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • F:/9DAEED8257A292D1F983/8FA69C5D58F4EEE3F1.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • c:\Documents and Settings\test user\Start Menu\Fax y Esc□ner de Windows.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • C:\WINDOWS\system32\drivers\etc\hosts
    Size
    518K
    SHA-1
    236f988b99e440c16756230ecb653f8c87fc70b8
    MD5
    facecd9b24203245323a881382450cc0
    CRC-32
    9a0347bb
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-09-25
  • c:\Documents and Settings\test user\Start Menu\Programs\Internet Explorer.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcontrol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    PromptOnSecureDesktop
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center
    InternetSettingsDisableNotify
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpcmap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unzip.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows Script Host\Settings
    Enabled
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UI0Detect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieCrypto.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Policies\Microsoft\Windows\System
    DisableCMD
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJTInstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcleaner.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieCtrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmiav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spysweeper.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmlisten.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vccmserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
    Progid
    IE.FTP
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VACFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winhlpp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera_964_int_Setup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
    EnableFirewall
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdetect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieDcomLaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Default_Page_URL
    http://www.buscaid.com/
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2002s902.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winroute.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    RUNASADMIN
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ogrc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nd98spst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wgfe95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navex15.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HostsChk.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\schedapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysdoc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wingate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\route.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardhlp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdclt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syshelp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieRpcSs.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmsrvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penis32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    HomePage
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndntspst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFile
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservices.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    RUNASADMIN
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restart.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Svc
    AntiSpywareOverride
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvlaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscanpdsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmitfraudFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swnetsup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvapsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pathping.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracerpt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
    Progid
    IE.HTTPS
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swxcacls.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe:*:Enabled:@xpsp2res.dll,-53342401
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
    Progid
    IE.AssocFile.HTM
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsfcm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmias.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\routemon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieBITS.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpsvs32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tauscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Netscape.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebloader.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    EnableFirewall
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieWUAU.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccpfw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tftpd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UCCLSID.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoFolderOptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sharedaccess.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vvstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieSvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ping.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccntmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepsrv.sys.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmntsrv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrchSTS.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings
    Enabled
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoRebootWithLoggedOnUsers
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
    Progid
    IE.HTTP
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
Registry Keys Modified
  • HKCR\HTTP\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    .exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallDisableNotify
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.okaysearch.com/
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Search Page
    http://www.buscaid.com/
  • HKCR\ftp\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKCR\https\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKCU\Control Panel\Sound
    Beep
    no
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
Processes Created
  • c:\Documents and Settings\test user\aa8572077abf7717\898e75.exe
  • c:\Documents and Settings\test user\aa8572077abf7717\d68f3e632d.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://cloud.ns1.dnsdynnet.com/
  • http://whos.amung.us/swidget/78ejo1rdbrrt
  • http://widgets.amung.us/small/00/11.png
DNS Requests
  • cloud.ns1.dnsdynnet.com
  • whos.amung.us
  • widgets.amung.us

Example 2

File Information

Size
1.4M
SHA-1
0d3dab5c7a5ecea9b1e536c9292ca7e058e9751c
MD5
b1628dbef4f8d3323a2875eb204f5a40
CRC-32
5830107b
File type
Windows executable
First seen
2013-09-20

Runtime Analysis

Dropped Files
  • F:/9DAEED8257A292D1F983/Desktop.ini
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Update.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • C:\Documents and Settings\All Users\Start Menu\Windows DVD Maker.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • c:\Documents and Settings\test user\Start Menu\Fax y Esc□ner de Windows.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • F:/9DAEED8257A292D1F983/S-1-3-01-4631041401-1277863829-464015834-1505/Desktop.ini
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • c:\Documents and Settings\test user\Start Menu\Programs\Internet Explorer.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • F:/9DAEED8257A292D1F983/8FA69C5D58F4EEE3F1.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Center.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
  • F:/9DAEED8257A292D1F983/S-1-3-01-4631041401-1277863829-464015834-1505/F4E6CA734D8C9D9EAE.exe
    Size
    71K
    SHA-1
    b659d0e666b8ba75d18c8894049b9d99f4015421
    MD5
    d2b488742cc94d5d3e619a83e8d4af07
    CRC-32
    6eee786e
    File type
    Windows executable
    First seen
    2013-08-29
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navex15.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wgfe95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\route.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscanpdsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvapsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
    Progid
    IE.HTTPS
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmias.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\routemon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winhlpp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows Script Host\Settings
    Enabled
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center
    InternetSettingsDisableNotify
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tauscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieSvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vvstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrchSTS.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieDcomLaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdetect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Default_Page_URL
    http://www.okaysearch.com/
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2002s902.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winroute.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ogrc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nd98spst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HostsChk.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\schedapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysdoc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardhlp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdclt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wingate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syshelp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieRpcSs.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmsrvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    HomePage
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penis32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndntspst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFile
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    RUNASADMIN
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservices.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restart.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvlaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Svc
    AntiSpywareOverride
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmitfraudFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swnetsup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pathping.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
    Progid
    IE.AssocFile.HTM
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swxcacls.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe:*:Enabled:@xpsp2res.dll,-53342401
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsfcm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieBITS.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpsvs32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
    Progid
    IE.FTP
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VACFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera_964_int_Setup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcontrol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
    EnableFirewall
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpcmap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unzip.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieCrypto.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UI0Detect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Policies\Microsoft\Windows\System
    DisableCMD
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcleaner.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieCtrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmiav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJTInstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spysweeper.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmlisten.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vccmserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    EnableFirewall
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebloader.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Netscape.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieWUAU.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccpfw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tftpd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UCCLSID.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sharedaccess.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ping.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccntmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepsrv.sys.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmntsrv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings
    Enabled
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoRebootWithLoggedOnUsers
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
    Progid
    IE.HTTP
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    RUNASADMIN
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracerpt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    PromptOnSecureDesktop
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoFolderOptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
Registry Keys Modified
  • HKCU\Control Panel\Sound
    Beep
    no
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Search Page
    http://www.okaysearch.com/
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.okaysearch.com/
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKCR\https\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    .exe
  • HKCR\ftp\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallDisableNotify
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
  • HKCR\HTTP\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\aa8572077abf7717\898e75.exe
  • c:\Documents and Settings\test user\aa8572077abf7717\d68f3e632d.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://cloud.ns1.dnsdynnet.com/
  • http://whos.amung.us/swidget/78ejo1rdbrrt
  • http://widgets.amung.us/small/00/7.png
DNS Requests
  • cloud.ns1.dnsdynnet.com
  • whos.amung.us
  • widgets.amung.us

Example 3

File Information

Size
294K
SHA-1
18aced340184c65e883724776bd2015eff99e26b
MD5
1ffbea01f78139a1a251b5a9ff49cc7f
CRC-32
3bcfc3c1
File type
Windows executable
First seen
2013-09-19

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Update.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Center.exe
  • C:\Documents and Settings\All Users\Start Menu\Windows DVD Maker.exe
  • F:/9DAEED8257A292D1F983/8FA69C5D58F4EEE3F1.exe
  • F:/9DAEED8257A292D1F983/S-1-3-01-4631041401-1277863829-464015834-1505/F4E6CA734D8C9D9EAE.exe
  • c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
  • c:\Documents and Settings\test user\Start Menu\Fax y Esc□ner de Windows.exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Internet Explorer.exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe
Dropped Files
  • F:/9DAEED8257A292D1F983/Desktop.ini
  • C:\WINDOWS\system32\drivers\etc\hosts
    Size
    575K
    SHA-1
    98c2e3d642b584cb236d34f09b22479104dbd263
    MD5
    062bf9aaf57800b628cb1e881110c78a
    CRC-32
    8601267e
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-09-25
  • F:/9DAEED8257A292D1F983/S-1-3-01-4631041401-1277863829-464015834-1505/Desktop.ini
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2002s902.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdclt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieRpcSs.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restart.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swnetsup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    RUNASADMIN
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpsvs32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcontrol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera_964_int_Setup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcleaner.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vvstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmntsrv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings
    Enabled
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unzip.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tauscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\route.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ogrc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFile
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieBITS.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\routemon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winhlpp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpcmap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center
    InternetSettingsDisableNotify
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vccmserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccpfw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieWUAU.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sharedaccess.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrchSTS.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdetect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Default_Page_URL
    http://www.okaysearch.com/
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieDcomLaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winroute.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navex15.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wgfe95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    RUNASADMIN
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nd98spst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieSvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ping.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccntmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepsrv.sys.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoRebootWithLoggedOnUsers
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
    Progid
    IE.HTTP
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\schedapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysdoc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardhlp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wingate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syshelp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmsrvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penis32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    HomePage
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndntspst.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservices.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscanpdsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmitfraudFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Svc
    AntiSpywareOverride
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvapsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pathping.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
    Progid
    IE.HTTPS
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsfcm.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracerpt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe
    c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe:*:Enabled:@xpsp2res.dll,-53342401
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swxcacls.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmias.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
    Progid
    IE.AssocFile.HTM
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
    Progid
    IE.FTP
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
    EnableFirewall
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    PromptOnSecureDesktop
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UI0Detect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieCrypto.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKCU\Software\Policies\Microsoft\Windows\System
    DisableCMD
    0x00000001
  • HKCU\Software\Microsoft\Windows Script Host\Settings
    Enabled
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieCtrl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJTInstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmlisten.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmiav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spysweeper.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Netscape.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    EnableFirewall
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UCCLSID.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoFolderOptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HostsChk.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebloader.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvlaunch.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VACFix.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tftpd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe
    Debugger
    "c:\Documents and Settings\test user\AA8572077ABF7717\898E75.exe"
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallDisableNotify
    0x00000001
  • HKCR\HTTP\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    .exe
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
  • HKCR\https\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKCU\Control Panel\Sound
    Beep
    no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
  • HKCR\ftp\shell\open\command
    (Default)
    "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    http://www.okaysearch.com/
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Search Page
    http://www.okaysearch.com/
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
Processes Created
  • c:\Documents and Settings\test user\aa8572077abf7717\898e75.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://cloud.ns1.dnsdynnet.com/
  • http://whos.amung.us/swidget/78ejo1rdbrrt
  • http://widgets.amung.us/small/00/9.png
DNS Requests
  • cloud.ns1.dnsdynnet.com
  • whos.amung.us
  • widgets.amung.us

download Try Sophos products for free
Download now