Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe] 'Debugger' = '"%HOMEPATH%\%USERNAME%1\winlogon.exe"'
- User Account Control (UAC)
- Windows Security Center
- %HOMEPATH%\%USERNAME%1\winlogon.exe
- <SYSTEM32>\svchost.exe
- MCAGENT.EXE
- sro_client.exe
- magent.exe
- elementclient.exe
- lotroclient.exe
- fsav32.exe
- GUARD.EXE
- fsav.exe
- ybclient.exe
- zlclient.exe
- bdagent.exe
- AVP32.EXE
- AVPCC.EXE
- AVP.EXE
- AVGCC32.EXE
- AVGCTRL.EXE
- ecmd.exe
- ekrn.exe
- ccapp.exe
- AVPM.EXE
- AVSYNMGR.EXE
- %HOMEPATH%\%USERNAME%1\winlogon.exe