Trojan.DownLoader6.50728

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syshelp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysdoc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepsrv.sys.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swnetsup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdclt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\schedapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sharedaccess.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracert.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vccmserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcontrol.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcleaner.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracerpt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpsvs32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tauscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmntsrv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tftpd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccpfw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccntmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penis32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscanpdsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ogrc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvlaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2002s902.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pathping.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ping.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\route.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\routemon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcadmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebloader.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardhlp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndntspst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nd98spst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Netscape.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieWUAU.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieSvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieCrypto.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieBITS.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieDcomLaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7DF2E19834DF76BF63F6E1CE4F9DAE873DB28398BEB3BEFD' = '%HOMEPATH%\6514D49585E42555\winlogon.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CBABAE2683B21A14F855064BB63923320C8882C6F9C1C006' = '%HOMEPATH%\6514D49585E42555\winlogon.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieCtrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieRpcSs.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spysweeper.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmlisten.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmsrvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpcmap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UI0Detect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UCCLSID.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vvstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winhlpp32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wgfe95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wingate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winroute.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restart.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdetect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera_964_int_Setup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJTInstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swxcacls.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VACFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unzip.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HostsChk.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrchSTS.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmitfraudFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsfcm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservices.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmiav.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmias.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navex15.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvapsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'

Creates or modifies the following files:

%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Windows Update.exe
%HOMEPATH%\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe

Creates the following files on removable media:

<Drive name for removable media>:\689702D9F110DDB941AA\7A0F7C9DF95AAB89CF.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\689702D9F110DDB941AA\S-1-3-01-4631041401-952401369-464015834-1505\80CB22A7F72ADD7817.exe
<Drive name for removable media>:\689702D9F110DDB941AA\Desktop.ini
<Drive name for removable media>:\689702D9F110DDB941AA\S-1-3-01-4631041401-952401369-464015834-1505\Desktop.ini

Malicious functions:

To bypass firewall, removes or modifies the following registry keys:

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-70554750'
[<HKLM>\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-28956246'
[<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-57951861'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'

To complicate detection of its presence in the operating system,

forces the system hide from view:

hidden files
file extensions

blocks execution of the following system utilities:

Command Prompt (CMD)
Windows Task Manager (Taskmgr)
Registry Editor (RegEdit)

blocks the following features:

System Restore (SR)
User Account Control (UAC)
Windows Security Center

Creates and executes the following:

%HOMEPATH%\6514D49585E42555\winlogon.exe

Executes the following:

<SYSTEM32>\wbem\unsecapp.exe -Embedding
<SYSTEM32>\svchost.exe

Terminates or attempts to terminate

the following system processes:

<SYSTEM32>\ctfmon.exe

the following user processes:

mpftray.exe
NAVAPW32.EXE
MCAGENT.EXE
fsav32.exe
GUARD.EXE
nod32.exe
zapro.exe
ZONEALARM.EXE
smc.exe
opera.exe
outpost.exe
fsav.exe
AVP.EXE
AVP32.EXE
AVP.COM
AVGCC32.EXE
AVGCTRL.EXE
AVPCC.EXE
ecmd.exe
ekrn.exe
ccapp.exe
AVPM.EXE
AVSYNMGR.EXE

Modifies settings of Windows Explorer:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'

Modifies settings of Windows Internet Explorer:

[<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
[<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'

Sets a new unauthorized home page for Windows Internet Explorer.

Modifies file system :

Creates the following files:

%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2010 Professionaus.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe After Effects CS4 (Final) + Crack [RH].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Virtual DJ v7.0 PRO + Crack [ChattChitto RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Windows 7 Ultimate Retail(Final) x86 and x64.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\WinRAR 3.93 Final 32Bit And 64Bit Full {blaze69}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2010 Professional [CRACKED].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft OFFICE 2010 Pro Plus PRECRACKED.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Photoshop CS5 Extended (Crack + Instructions).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 PERMANENT ACTIVATOR [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Ultimate - 32 Bit (Auto Activation) - Cracked.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero 10.0 + Serials - DivXNL-Team.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero Burning ROM 10.5.10300 +Serial [UT].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE WORD 2007 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 WORD X64 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe After Effects CS5 [Win][CyberPiraten].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE PHOTOSHOP LIGHTROOM 3.4 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\AVG Internet Security 2011 v10.0.1120 Build 3152 Multi + Serials.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE PREMIERE PRO CS5.5 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\AVS Video Converter V7.1.2.480 + Crack {blaze69}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Virtual DJ Pro 7 & Serieal.exe
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows.7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\KMS Activator for Microsoft Office 2010 Applications x86 x64 Mul.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Corel Draw X5 with keygen.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE ILLUSTRATOR CS5.1 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\WinZip PRO FINAL v15.0 + Serials [ChattChitto RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE DREAMWEAVER CS5.5 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\FRUITY LOOPS Studio Producer Edition 9-cracks incl.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE PHOTOSHOP CS5.1 EXTENDED EDITION [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\TRON Legacy (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter and the Deathly Hallows Part 1 DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Pirates of the Caribbean On Stranger Tides 2011 TS XviD AC3 HQ H.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Transformers Dark of the Moon 2011 TS XViD - IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Inception (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Way Back (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\No Strings Attached 2011 BDRip XviD-AMIABLE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Zindagi Na Milegi Dobara - DVDScr - XviD - 1CDRip - [DDR].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Take Me Home Tonight 2011 DVDRip XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Lincoln Lawyer 2011 480p BRRip XviD AC3-AsA.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Rio (2011) R5 XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Mountie[2011]DVDRip XviD-ExtraTorrentRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Paul (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Rango (2011) DVDSCR XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Kung Fu Panda 2 2011 TS AC3 XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Delhi Belly 2011 Hindi Pre-DVDRip XviD E-SuB xRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Iron Man 2 (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Deiva Thirumagal(Tamil 2011)HQ DVDSCR Rip(New)@mastitorrents.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Just Go With It[2011]R5 XviD-ExtraTorrentRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Robin Hood (2010) UNRATED DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\DriverPack Solution 11 (x32-x64) [ Victory].exe
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Faster DVDRip XviD-ARROW.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Hereafter (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Hit List 2011 BRRip XviD AC3-ELiTE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Season of the Witch (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Limitless 2011 R5 LiNE XViD - IMAGiNE [NO RAR].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Drive Angry (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Horrible_Bosses_2011_XViD_CAM_DTRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Hangover (2009) DVDSCR-MAXSPEED.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Jackass 3D UNRATED DVDRip XviD-DEFACED.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Next Three Days (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Pinnacle Studio 15 HD Ultimate - by Mick (Full Version).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office Home and Student 2007 Activation Keys.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\FL Studio 10.0.2 Producer Edition (x32x64).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Fraps v3.4.0 (Full Registered Version) [RH].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft.Windows.XP.SP3.Professional.March.2011.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Photoshop CS5 + Serial [1337x] [Ahmed].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Photoshop CS3 Extended Version Full + Crack.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2007.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE FLASH PROFESSIONAL CS5.5 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MAGIX Music Maker 17 Premium incl. content packs - english.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE PHOTOSHOP CS4 EXTENDED EDITION [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero 8 Ultra Edition 8.3.2.1 [PC] [Multilanguage].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2007 - Product keySerial.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Ableton Live Suite 8.1.1 + Easy Patch.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Sony Vegas PRO 10.0c+Keygen(x86x64)(Registered) [ kk ].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Activator Patch [2010] - [GuruFuel].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\AUTODESK AUTOCAD V2012 MULTI WIN32-ISO.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE CREATIVE SUITE 5.5 MASTER COLLECTION [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2010 Pro. FULL CRACKED [PRIME].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Atomix Virtual DJ Pro V7.02 {Precracked} + Addons {blaze69}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Activator RemoveWAT v2.2.5.2 by Hazar.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows XP Professional SP3 - Activated.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Internet Download Manager 6.04 Final + Crack-[HB].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Ashampoo Burning Studio 10.10.0.1 +Key (32-64bit) -TrT.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Antares Autotune VST v5.09 [T-Pain Software Sound Like T-Pain].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Visual Studio 2010 Ultimate x86-TKiSO.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\CyberLink powerdirector 9 with key by TheAaax9.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Steinberg Cubase 5.1 - Advanced Music Production System.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 POWERPOINT X64 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Autodesk AutoCAD 2010 [64-bit].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Rosetta Stone 3.4.5 + Crack(VasiaZozulia).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Cinema 4D Studio V12 Full iso.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE CS5 5 MASTER COLLECTION KEYGEN WIN OSX-XFORCE.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\TuneUp Utilities 2011 v10.0.2011.65 + Crack-Serials [CC RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\avast! Pro AV + IS v6.0.1000 Final + Crack [Till 2050] - loco.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Photoshop CS5 Ext. Edition [+SERIALS ].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE AFTER EFFECTS CS5.5 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\WinRAR 4.00 32Bit And 64Bit Full-Version {blaze69}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Acrobat Pro X v10.0 Multilingual (Full) [RH].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 COMBINED EDITION X86 [thethingy].exe
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\VLC Media Player.1.1.5.final.updated(windows all).aaaevilacharya.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Alcohol 120 7 + serial -TrT.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\PowerISO v4.7 + Serials [ChattChitto RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows XP Activation Crack.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Sony Vegas Pro 10 x86-x64 Cracked-TL.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ESET NOD32 Anti-Virus 4.0.468.0-For Life.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Rosetta Stone v3.4.5 (with 22 Languages v3).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows.7.Ultimate.Sp1.32bit.x86.June.2011.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Acces.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Outlook.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Total Video Converter HD v3.71 + Serials [ChattChitto RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Guitar Pro 5.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Windows XP Professional SP3 Integrated July 2011.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office Enterprise 2010 Corporate Final (full activated.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Powerpoint.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2003+KEY.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 ACTIVATOR [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Dreamweaver CS5 [Win]-[CyberPiraten].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Excel.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office Xp Pro (Word.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Activation - Remove WAT v2.2.5.2 (ThumperTM).exe
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The Lonely Island - Turtleneck And Chain 2011-FNT.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Enrique Iglesias - Dirty Dancer Ft Usher & Lil Wayne 2011 (YOUSE.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry & Kanye West - E.T [2011] - Mp3ViLLe.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Big Sean - Finally Famous (Full Album) [Silver RG] - PR!M3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Tinie Tempah - Written in the Stars.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta - The Best Of 2010.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kelly Rowland - Motivation (feat. Lil Wayne) [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars - The Lazy Song(Radio Edit)[320kbps].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Eminem-Recovery-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry - Last Friday Night (T.G.I.F.).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\500 Oldies Superhits[mp3].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Black Eyed Peas - Just Can't Get Enough [2011-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars-Doo Wops And Hooligans-2010-H3X.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Alexandra Stan - Mr. Saxobeat 320kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady Gaga-Born This Way (Special Edition) 2CD 2011-pLAN9.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\ ft. Eric Turner.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The Rolling Stones - Greatest Hits (2008) 320 vtwin88cube.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Maroon_5-Hands_All_Over_ (Deluxe_Edition)-2010-DOH.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicole Scherzinger ft. 50 Cent - Right There @320kbps [PRIME].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Drake-Thank.Me.Later-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - 19 (Deluxe Edition).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicki Minaj - Super Bass [Single Mp3 2011].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\100 Dance Club_Hits_Vol.2-2011-.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\LMFAO ft. Lauren Bennett & Goon Rock - Party Rock Anthem.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Diddy & Dirty Money - I'm Coming Home (feat. Skylar Grey).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry-Teenage Dream mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rihanna - Only Girl (In The World) [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Wiz Khalifa - Black and Yellow [2010-Single@320][TJ].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady Gaga - The Edge Of Glory.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Fleet Foxes - Helplessness Blues [mp3-320-2011][trfkad].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Ke$ha (Kesha) - Animal Deluxe Edition (2010)'JB59.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rihanna - Loud [2010-MP3-Cov][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kanye West-My Beautiful Dark Twisted Fantasy (Explicit) @320kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta feat. Nicki Minaj & Flo Rida - Where Them Girls At.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\LMFAO - Party Rock Anthem [2011-Single@320][TJ].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Black Eyed Peas - The Beginning (Deluxe Edition) 2010-DOH.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Pitbull - Give Me Everything (feat. Ne-Yo) [2011-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - 21_PROPER_320kbps_VRTX.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Mumford And Sons - Sigh No More (Album).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jennifer Lopez - On The Floor (Feat. Pitbull).mp3.pif
%HOMEPATH%\Start Menu\Programs\Internet Explorer.exe
%HOMEPATH%\Start Menu\Fax y Escaner de Windows.exe
%HOMEPATH%\6514D49585E42555\winlogon.exe
%ALLUSERSPROFILE%\Start Menu\Windows DVD Maker.exe
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - 21 (Limited Edition CD-Rip @320kbps Bonus+Cov) [PRIME].mp3.pif
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\buscaid[1]
%ALLUSERSPROFILE%\Start Menu\Programs\Windows Media Center.exe
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rihanna - LOUD (2011 With 5 Bonus Tracks).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Snoop Dogg - Sweat (David Guetta Remix) [2011-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Foo Fighters 2011 Wasting Light 320 Kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Chris Brown - F.A.M.E Deluxe [2011-MP3-Cov][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jessie J - Price Tag (feat. B.o.B) [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil Wayne - How To Love (Tha Carter IV) [2011] {mp3}.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The_Script-Science_And_Faith-2010-CaHeSo.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Chris Brown Ft Lil Wayne & Busta Rhymes - Look At Me Now [Single.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jessie J - Who You Are 2011 Album [Deluxe Edition].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - Rolling In the Deep [2010-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Now Thats What I Call Music 78 (2011) - 2CD.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Beyonce-4_(Deluxe_Edition)-2CD-2011-VOiCE.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicki Minaj - Pink Friday (Deluxe Edition) 2011.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil.Wayne-Sorry.4.The.Wait-(Deluxe.Edition)-2011-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\ Afrojack Nayer - Give Me Everything (Tonight).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Pitbull ft. Ne-Yo.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady GaGa - The Fame Monster 2CDRip 2009 [Cov+2CD][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Martin Solveig Feat. Dragonette - Hello.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta ft. Taio Cruz & Ludacris - Little Bad Girl @320kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Tinie Tempah Ft Eric Turner-Written In The Stars-(Single)-2010-T.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta-Gettin' Over You (Feat. Fergie & LMFAO).mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Veteran (2011) DVDRip XviD-ICE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Source Code (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Beyonce - Best Thing I Never Had (2nd Single) (iTunes Version).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\DJ Khaled - We The Best Forever (2011) $AC3$.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Drake.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Dj Khaled Ft Lil Wayne.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Trey.Songz-Passion.Pain.And.Pleasure-(Deluxe.Edition)-2010-[NoFS.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rick Ross-Im On One (Cdq-Dirty)Dj.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry - Firework [Single 2010].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jason Aldean - My Kinda Party CDRip -2010- [MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Take That - Progress (2010) @ 320kbs.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\X-Men First Class 2011 R5 LiNE READNFO XViD-IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Bridesmaids 2011 TS XViD DTRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Unknown (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Transformers 3 Dark of the Moon CAMRip V2 RELIZLAB ENGLISH AUDI.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Just Go with It (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Arthur 2011 DVDRip XviD-TARGET.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The.Hangover.Part.II.2011.TS.XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\I Am Number Four (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter and the Deathly Hallows Part 1[2010]DVDRip XviD-Ext.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Ironclad 2011 BDRiP XViD-PSiG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Bad Teacher 2011 TS XViD DTRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter and the Deathly Hallows Part 2 2011 TS UnKnOwN.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Sucker Punch (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Cars 2 2011 TS XViD-IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Adjustment Bureau (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Hall Pass (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Shakira Feat. Pitbull - Rabiosa [2011Single] 320 kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Pitbull - Hey Baby (ft. T-Pain) [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Wiz Khalifa - Rolling Papers.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bon Iver - Bon Iver [mp3-320-2011][trfkad].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars - Grenade.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kid.Cudi-Man.on.The.Moon.II-The.Legend.of.Mr.Rager-(Retail)-2010.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicki Minaj - Pink Friday [2010-MP3-Cov][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Eminem Feat. Rihanna - Love The Way You Lie.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Foster the People - Torches [192kbps].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Britney Spears - Femme Fatale (Deluxe Edition-2011).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Florence And The Machine-Between Two Lungs-2CD-2010-CaHeSo.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars - Just the Way You Are [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Coldplay - Every Teardrop Is A Waterfall (2011) Single - woollyt.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady Antebellum - Need You Now (Retail.2010)'JB59.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jeremih - Down On Me (feat. 50 Cent).mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jason Derulo - Dont Wanna Go Home @320kbps (FULL) [PRIME].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil.Wayne-Rebirth-Retail.Deluxe.Edition)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jason Derulo - Don't Wanna Go Home [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Dr. Dre - I Need a Doctor (feat. Eminem) [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jennifer Lopez - I'm Into You (ft. Lil Wayne) [2011-Single@320].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Cee Lo Green - The Lady Killer (Deluxe) -2010-[SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Taylor Swift - Fearless.Platinum Edition+Bonus (2009.JB59).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Eminem Discography.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil.Wayne-Im.Not.A.Human.Being.EP-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Chris Brown - Beautiful People (ft. Benny Benassi) [2011-Single].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The Black Keys [DISCOGRAPHY] [320Kbps].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Enrique Iglesias - Tonight (feat. Ludacris)(Dirty)~Struzzin~.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kesha - Blow(2010) (320kbps).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Big Sean - Finally Famous [album [2011-MP3-Cov] [love Rulz].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Black Eyed Peas - The Time (The Dirty Bit) 256kbps CDQ [WooZ].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\P!nk (Pink) - Raise Your Glass [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Miguel-All I Want Is You-2010-CR.mp3.pif

Sets the 'hidden' attribute to the following files:

<Drive name for removable media>:\689702D9F110DDB941AA\7A0F7C9DF95AAB89CF.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\689702D9F110DDB941AA\S-1-3-01-4631041401-952401369-464015834-1505\80CB22A7F72ADD7817.exe
<Drive name for removable media>:\689702D9F110DDB941AA\Desktop.ini
<Drive name for removable media>:\689702D9F110DDB941AA\S-1-3-01-4631041401-952401369-464015834-1505\Desktop.ini

Deletes the following files:

<SYSTEM32>\Restore\MachineGuid.txt
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\buscaid[1]
<DRIVERS>\etc\hosts

Substitutes the HOSTS file.

Network activity:

Connects to:

'93##########9b1r19i04dqp3v4p5r.ipcheker.com':80
'34##########bt4jotdyc0262xs5pn.ipcheker.com':80
'yw##########4jq50u9yqt8354e16d.ipcheker.com':80
'www.bu##aid.com':80
'wh##.amung.us':80
'h3##########u4a52z4692jf51c1g0.ipcheker.com':80
'localhost':1044

TCP:

HTTP GET requests:

93##########9b1r19i04dqp3v4p5r.ipcheker.com/
34##########bt4jotdyc0262xs5pn.ipcheker.com/
yw##########4jq50u9yqt8354e16d.ipcheker.com/
www.bu##aid.com/?ad#
wh##.amung.us/swidget/26n2qf7pnk0x
h3##########u4a52z4692jf51c1g0.ipcheker.com/
wh##.amung.us/swidget/243dr2pd8x85

UDP:

DNS ASK 93##########9b1r19i04dqp3v4p5r.ipcheker.com
DNS ASK 34##########bt4jotdyc0262xs5pn.ipcheker.com
DNS ASK yw##########4jq50u9yqt8354e16d.ipcheker.com
DNS ASK wh##.amung.us
DNS ASK h3##########u4a52z4692jf51c1g0.ipcheker.com
DNS ASK www.bu##aid.com

Miscellaneous:

Searches for the following windows:

ClassName: 'CConvWndBase' WindowName: ''
ClassName: 'MS_AutodialMonitor' WindowName: ''
ClassName: 'MS_WebcheckMonitor' WindowName: ''
ClassName: 'IMWindowClass' WindowName: ''
ClassName: '' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'IEFrame' WindowName: ''

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial