Trojan.DownLoader6.56681

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syshelp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysdoc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepsrv.sys.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swnetsup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdclt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\schedapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sharedaccess.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracert.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vccmserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcontrol.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcleaner.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracerpt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpsvs32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tauscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmntsrv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tftpd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccpfw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccntmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penis32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscanpdsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ogrc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvlaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2002s902.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pathping.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ping.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\route.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\routemon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcadmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebloader.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardhlp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndntspst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nd98spst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Netscape.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieWUAU.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieSvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieCrypto.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieBITS.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieDcomLaunch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7DF2E19834DF76BF63F6E1CE4F9DAE873DB28398BEB3BEFD' = '%HOMEPATH%\6514D49585E42555\winlogon.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CBABAE2683B21A14F855064BB63923320C8882C6F9C1C006' = '%HOMEPATH%\6514D49585E42555\winlogon.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieCtrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieRpcSs.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spysweeper.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmlisten.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmsrvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpcmap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UI0Detect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UCCLSID.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vvstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winhlpp32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wgfe95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wingate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winroute.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restart.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdetect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera_964_int_Setup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJTInstall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swxcacls.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VACFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unzip.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HostsChk.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrchSTS.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmitfraudFix.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsfcm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservices.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmiav.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmias.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navex15.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvapsvc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\6514D49585E42555\winlogon.exe"'

Creates or modifies the following files:

%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Windows Update.exe
%HOMEPATH%\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe

Creates the following files on removable media:

<Drive name for removable media>:\8C6D5037206608C8A5ED\9EF52E73282C7EF82B.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\8C6D5037206608C8A5ED\S-1-3-01-4631041401-1149015520-464015834-1505\64317049265C0809F3.exe
<Drive name for removable media>:\8C6D5037206608C8A5ED\Desktop.ini
<Drive name for removable media>:\8C6D5037206608C8A5ED\S-1-3-01-4631041401-1149015520-464015834-1505\Desktop.ini

Malicious functions:

To bypass firewall, removes or modifies the following registry keys:

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-70554750'
[<HKLM>\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-28956246'
[<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\6514D49585E42555\winlogon.exe' = '%HOMEPATH%\6514D49585E42555\winlogon.exe:*:Enabled:@xpsp2res.dll,-57951861'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'

To complicate detection of its presence in the operating system,

forces the system hide from view:

hidden files
file extensions

blocks execution of the following system utilities:

Command Prompt (CMD)
Windows Task Manager (Taskmgr)
Registry Editor (RegEdit)

blocks the following features:

System Restore (SR)
User Account Control (UAC)
Windows Security Center

Creates and executes the following:

%HOMEPATH%\6514D49585E42555\winlogon.exe

Executes the following:

<SYSTEM32>\wbem\unsecapp.exe -Embedding
<SYSTEM32>\svchost.exe

Terminates or attempts to terminate

the following system processes:

<SYSTEM32>\ctfmon.exe

the following user processes:

mpftray.exe
NAVAPW32.EXE
MCAGENT.EXE
fsav32.exe
GUARD.EXE
nod32.exe
zapro.exe
ZONEALARM.EXE
smc.exe
opera.exe
outpost.exe
fsav.exe
AVP.EXE
AVP32.EXE
AVP.COM
AVGCC32.EXE
AVGCTRL.EXE
AVPCC.EXE
ecmd.exe
ekrn.exe
ccapp.exe
AVPM.EXE
AVSYNMGR.EXE

Modifies settings of Windows Explorer:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'

Modifies settings of Windows Internet Explorer:

[<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
[<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'

Sets a new unauthorized home page for Windows Internet Explorer.

Modifies file system :

Creates the following files:

%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows XP Professional SP3 - Activated.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\DAEMON Tools Pro Advanced 4.41.0314.0232 Incl Crack.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Google.Sketchup.Pro.v8.0.3117.Incl.Keygen-MESMERiZE.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Activator RemoveWAT v2.2.5.2 by Hazar.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Ashampoo Burning Studio 10.10.0.1 +Key (32-64bit) -TrT.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Internet Download Manager 6.04 Final + Crack-[HB].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero 7 + KeyGen.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Avast AntiVirus Home Edition 6.0.11 + Serial Keys - {RedDragon}.exe
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\AUTODESK AUTOCAD V2012 MULTI WIN64-ISO.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE.CREATIVE.SUITE.5.5.MASTER.COLLECTION.ESD-ISO.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Mathworks.Matlab.R2011a.ISO-TBE.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Windows XP Professional SP3 Integrated February 2011.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\CyberLink powerdirector 9 with key by TheAaax9.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Visual Studio 2010 Ultimate x86-TKiSO.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Steinberg Cubase 5.1 - Advanced Music Production System.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Photoshop CS5 + Serial [1337x] [Ahmed].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\AUTODESK AUTOCAD V2012 MULTI WIN32-ISO.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Rosetta Stone 3.4.5 + Crack(VasiaZozulia).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Atomix Virtual DJ Pro V7.02 {Precracked} + Addons {blaze69}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2010 Pro. FULL CRACKED [PRIME].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE CREATIVE SUITE 5.5 MASTER COLLECTION [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Autodesk AutoCAD 2010 [64-bit].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 POWERPOINT X64 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Antares Autotune VST v5.09 [T-Pain Software Sound Like T-Pain].exe
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Call of Duty Modern Warfare 2 PROPER-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Counter strike 1.6.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Grand Theft Auto IV PC Version Full Game and Crack.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\GTA San Andreas full game pc with crack.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Super Street Fighter IV Arcade Edition-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Angry.Birds.PC.and.MacOSX.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Virtua Tennis 4-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Sims Medieval-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Total War Shogun 2 READNFO-FLT.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Minecraft Beta 1.1_02 (Updatable) [Fullversion] [EN] - IHack4Yo.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Alice Madness Returns-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Dragon Age 2-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\World of Warcraft Wrath of the Lich King 3.3.5a (12340).com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Sims 3 - Razor1911 Final MAXSPEED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Portal 2-SKIDROW.com
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero Burning ROM 10.5.10300 + Key [RH].exe
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The.Witcher.2.Assassins.of.Kings-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Sims 3 Generations-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Harry Potter and the Deathly Hallows Part 2-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Fable III-SKIDROW (Fable 3).com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Duke Nukem Forever-Razor1911.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Dirt 3-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Assassins Creed Brotherhood-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Crysis 2-FLT.com
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2010 Professional [CRACKED].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\WinRAR 3.93 Final 32Bit And 64Bit Full {blaze69}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Windows 7 Ultimate Retail(Final) x86 and x64.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe After Effects CS4 (Final) + Crack [RH].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2010 Professionaus.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Virtual DJ v7.0 PRO + Crack [ChattChitto RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 WORD X64 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\FRUITY LOOPS Studio Producer Edition 9-cracks incl.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE DREAMWEAVER CS5.5 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE ILLUSTRATOR CS5.1 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Corel Draw X5 with keygen.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\KMS Activator for Microsoft Office 2010 Applications x86 x64 Mul.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE PHOTOSHOP CS5.1 EXTENDED EDITION [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Ultimate - 32 Bit (Auto Activation) - Cracked.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE 2010 PERMANENT ACTIVATOR [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Hereafter (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Faster DVDRip XviD-ARROW.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\DriverPack Solution 11 (x32-x64) [ Victory].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Photoshop CS5 Extended (Crack + Instructions).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero 10.0 + Serials - DivXNL-Team.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft OFFICE 2010 Pro Plus PRECRACKED.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MICROSOFT OFFICE WORD 2007 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero Burning ROM 10.5.10300 +Serial [UT].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows 7 Activator Patch [2010] - [GuruFuel].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Sony Vegas PRO 10.0c+Keygen(x86x64)(Registered) [ kk ].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Ableton Live Suite 8.1.1 + Easy Patch.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE PHOTOSHOP CS4 EXTENDED EDITION [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\MAGIX Music Maker 17 Premium incl. content packs - english.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2007 - Product keySerial.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ADOBE FLASH PROFESSIONAL CS5.5 [thethingy].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft.Windows.XP.SP3.Professional.March.2011.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office 2007.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Adobe Photoshop CS3 Extended Version Full + Crack.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Fraps v3.4.0 (Full Registered Version) [RH].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\FL Studio 10.0.2 Producer Edition (x32x64).exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office Home and Student 2007 Activation Keys.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Powerpoint.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Outlook.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Acces.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\WinZip PRO FINAL v15.0 + Serials [ChattChitto RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows.7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\ Excel.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Windows.7.Ultimate.Sp1.32bit.x86.June.2011.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Guitar Pro 5.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Cinema 4D Studio V12 Full iso.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Nero 8 Ultra Edition 8.3.2.1 [PC] [Multilanguage].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Total Video Converter HD v3.71 + Serials [ChattChitto RG].exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Office Enterprise 2010 Corporate Final (full activated.exe
%TEMP%\EBFDF3CEE3016952F0\PROGRAMAS\Microsoft Windows XP Professional SP3 Integrated July 2011.exe
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Football Manager 2011 PROPER-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Need for Speed Shift 2 Unleashed-RELOADED-[tracker.BTARENA.org]..com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Grand Theft Auto San Andreas 2009 Super Version 2 [PC] [MULTI2].com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Call of Duty Black Ops.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Rome Total War.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\GTA San Andreas Extreme Edition 2011.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Magicka-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Tom.Clancya€™s.Splinter.Cell.Conviction-SKIDROW.iso.com
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Men's Fitness - 12 Minute Workout (2011) (UK).doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\101 Small Business Ideas for Under $5000-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\George R R Martin - A Dance with Dragons (Book 5).doc.pif
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Call of Duty 4+Keygen and Crack.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Harry Potter And The Deathly Hallows Part 1-Razor1911(No Rars).com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Dungeon Siege III-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Need for Speed Carbon Full PC Game+crack.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\F.E.A.R.3-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Call of Duty 2.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\LEGO Pirates of the Caribbean-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\GTA ROMANIA 2.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\LEGO Star Wars III The Clone Wars-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Sims 3 World Adventures-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Diablo 2 With Lord of Destruction (v1.13c) (Direct Play) (Latest.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The.Sims.3.Outdoor.Living.Stuff-FLT-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Assassins Creed II-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Minecraft infdev 1.015 alpha.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\F.A.C.E.S. Collectors Edition - Wendy99.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Cars 2 The Video Game-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\LIBROS\How to Blow Her Mind in Bed The essential guide for any man who.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\13 Things That Don't Make Sense The Most Baffling Scientific M.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Digital Photography Top 100 Simplified Tips & Tricks.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\National Geographic Interactive Magazine. 2010 Full Collection..doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\What Did We Use Before Toilet Paper 200 Curious Questions and.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\How to Analyze People on Sight-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\ 4th Editi.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Talk Less.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\ Say More Three Habits to Influence Others and Make T.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\101 Short Cuts in Maths Any One Can Do-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Microsoft Office 2010 Illustrated Introductory.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\ First Course.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\50 Best Jobs for Your Personality-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\The Complete Book of Drawing Techniques [PDF] - Oceanhawk.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\1000 Photoshop Tips and Tricks (Dec 2010)-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\George R.R. Martin - A Song of Ice and Fire Books 1-4 v2.0.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Excel 2010 Formulas [PDF] - Oceanhawk.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\How to Answer Hard Interview Questions And Everything Else You N.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Natural Bodybuilding and Fitness - August 2011-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Photoshop CS5 All-in-One For Dummies (2010) - (Malestrom).doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\How a Genius Your Brain and How to Train It-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\100 Decorating Ideas Big Style for Small Rooms - 2011-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Advanced Sex Explicit Positions for Explosive Lovemaking-Mantes.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Playboy Magazine USA June 2011 [PDF - Eng].doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\Hacking - Firewalls And Networks How To Hack Into Remote Compute.doc.pif
%TEMP%\EBFDF3CEE3016952F0\LIBROS\How To Make People Like You In 90 Seconds Or Less-Mantesh.doc.pif
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Fallout.New.Vegas-SKIDROW-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Brink-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\F1 2010-Razor1911.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Dead Space 2-FLT.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Hunted The Demons Forge-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Angry Birds - 2011 - PC - Cracked.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\FEAR.3-SKIDROW-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Bulletstorm-FLT.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Minecraft Beta 1.7.3 Cracked [Full Installer].com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Need for Speed Most wanted.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Amnesia.The.Dark.Descent-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Red Faction Armageddon 2xDVD5-TeaMGENTi.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Need.for.Speed.Hot.Pursuit-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\FIFA 2011 RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Age of Empires 3.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The.Sims.3-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Pro.Evolution.Soccer.2011-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\FIFA.11-RELOADED-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Mafia II-SKIDROW (Mafia 2).com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Need for Speed Hot Pursuit-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Grand Theft Auto San Andreas.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Need For Speed Underground 2.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Battlefield Bad Company 2-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\GTA IV PC Version.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Test Drive Unlimited 2-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Homefront-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Pro.Evolution.Soccer.2011-RELOADED-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Grand Theft Auto Vice City - PC.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Witcher 2 Assassins of Kings-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Fallout New Vegas Honest Hearts DLC-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\StarCraft II Wings of Liberty-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Sniper Ghost Warrior-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Sims 2.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Sims 3 Ambitions-ViTALiTY-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Elder Scrolls IV Oblivion Game Of The Year Deluxe Edition.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Plants vs Zombies Game Of The Year Edition 2010 [ENG] [exe] [m.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Bejeweled 3 - allsmartgames.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Football Manager 2011-DiNKY.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Mass Effect 2 [PC ~ Multi6] (Razor1911).com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Counter Strike 1.6 Full with maps and cheats.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Warcraft III + The Frozen Throne Expansion + DotA + The Latest P.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Prototype-Razor1911 FULL PC ISO MAX.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Operation Flashpoint Red River-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The Witcher 2 Assassins of Kings-BlackBox.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\PC_NBA.2K11.Full-Rip.-TPTB.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Terraria Retail Non-Steam.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\The.Sims.3.Late.Night-RELOADED-[tracker.BTARENA.org].com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Sid.Meiers.Civilization.V-SKIDROW-[tracker.BTARENA.org].iso.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Farming Simulator 2011 (English).com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Shift 2 Unleashed-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Portal 2 Crack Fix-SKIDROW.com
%TEMP%\EBFDF3CEE3016952F0\JUEGOS\Batman.Arkham.Asylum-RELOADED.com
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Robin Hood (2010) UNRATED DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Florence And The Machine-Between Two Lungs-2CD-2010-CaHeSo.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Britney Spears - Femme Fatale (Deluxe Edition-2011).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Coldplay - Every Teardrop Is A Waterfall (2011) Single - woollyt.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - 19 (Deluxe Edition).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady GaGa - The Fame Monster 2CDRip 2009 [Cov+2CD][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars - Just the Way You Are [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jason Derulo - Dont Wanna Go Home @320kbps (FULL) [PRIME].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bon Iver - Bon Iver [mp3-320-2011][trfkad].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Wiz Khalifa - Rolling Papers.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Pitbull - Hey Baby (ft. T-Pain) [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jeremih - Down On Me (feat. 50 Cent).mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady Antebellum - Need You Now (Retail.2010)'JB59.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Foster the People - Torches [192kbps].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Ke$ha (Kesha) - Animal Deluxe Edition (2010)'JB59.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Fleet Foxes - Helplessness Blues [mp3-320-2011][trfkad].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady Gaga - The Edge Of Glory.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry-Teenage Dream mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Diddy & Dirty Money - I'm Coming Home (feat. Skylar Grey).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Wiz Khalifa - Black and Yellow [2010-Single@320][TJ].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\LMFAO ft. Lauren Bennett & Goon Rock - Party Rock Anthem.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Drake-Thank.Me.Later-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\100 Dance Club_Hits_Vol.2-2011-.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicki Minaj - Super Bass [Single Mp3 2011].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicole Scherzinger ft. 50 Cent - Right There @320kbps [PRIME].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Maroon_5-Hands_All_Over_ (Deluxe_Edition)-2010-DOH.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The Rolling Stones - Greatest Hits (2008) 320 vtwin88cube.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Cee Lo Green - The Lady Killer (Deluxe) -2010-[SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil.Wayne-Im.Not.A.Human.Being.EP-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Eminem Discography.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jennifer Lopez - I'm Into You (ft. Lil Wayne) [2011-Single@320].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Dr. Dre - I Need a Doctor (feat. Eminem) [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jason Derulo - Don't Wanna Go Home [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Taylor Swift - Fearless.Platinum Edition+Bonus (2009.JB59).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Drake.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rick Ross-Im On One (Cdq-Dirty)Dj.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Take That - Progress (2010) @ 320kbs.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Shakira Feat. Pitbull - Rabiosa [2011Single] 320 kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Trey.Songz-Passion.Pain.And.Pleasure-(Deluxe.Edition)-2010-[NoFS.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Dj Khaled Ft Lil Wayne.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kid.Cudi-Man.on.The.Moon.II-The.Legend.of.Mr.Rager-(Retail)-2010.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil.Wayne-Rebirth-Retail.Deluxe.Edition)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kesha - Blow(2010) (320kbps).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars - Grenade.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Eminem Feat. Rihanna - Love The Way You Lie.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicki Minaj - Pink Friday [2010-MP3-Cov][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Enrique Iglesias - Tonight (feat. Ludacris)(Dirty)~Struzzin~.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\P!nk (Pink) - Raise Your Glass [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Black Eyed Peas - The Time (The Dirty Bit) 256kbps CDQ [WooZ].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Chris Brown - Beautiful People (ft. Benny Benassi) [2011-Single].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The Black Keys [DISCOGRAPHY] [320Kbps].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Big Sean - Finally Famous [album [2011-MP3-Cov] [love Rulz].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Miguel-All I Want Is You-2010-CR.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - 21_PROPER_320kbps_VRTX.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Pitbull - Give Me Everything (feat. Ne-Yo) [2011-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rihanna - LOUD (2011 With 5 Bonus Tracks).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kanye West-My Beautiful Dark Twisted Fantasy (Explicit) @320kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Black Eyed Peas - The Beginning (Deluxe Edition) 2010-DOH.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Mumford And Sons - Sigh No More (Album).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Beyonce-4_(Deluxe_Edition)-2CD-2011-VOiCE.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Pitbull ft. Ne-Yo.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\ Afrojack Nayer - Give Me Everything (Tonight).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil.Wayne-Sorry.4.The.Wait-(Deluxe.Edition)-2011-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Now Thats What I Call Music 78 (2011) - 2CD.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - Rolling In the Deep [2010-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Nicki Minaj - Pink Friday (Deluxe Edition) 2011.mp3.pif
%ALLUSERSPROFILE%\Start Menu\Windows DVD Maker.exe
%ALLUSERSPROFILE%\Start Menu\Programs\Windows Media Center.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\buscaid[1]
%HOMEPATH%\6514D49585E42555\winlogon.exe
%HOMEPATH%\Start Menu\Fax y Escaner de Windows.exe
%HOMEPATH%\Start Menu\Programs\Internet Explorer.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\buscaid[1]
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jennifer Lopez - On The Floor (Feat. Pitbull).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\LMFAO - Party Rock Anthem [2011-Single@320][TJ].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta feat. Nicki Minaj & Flo Rida - Where Them Girls At.mp3.pif
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\buscaid[1]
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\buscaid[1]
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Adele - 21 (Limited Edition CD-Rip @320kbps Bonus+Cov) [PRIME].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars - The Lazy Song(Radio Edit)[320kbps].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry & Kanye West - E.T [2011] - Mp3ViLLe.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Enrique Iglesias - Dirty Dancer Ft Usher & Lil Wayne 2011 (YOUSE.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lady Gaga-Born This Way (Special Edition) 2CD 2011-pLAN9.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Alexandra Stan - Mr. Saxobeat 320kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Bruno Mars-Doo Wops And Hooligans-2010-H3X.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The Lonely Island - Turtleneck And Chain 2011-FNT.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Tinie Tempah - Written in the Stars.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\ ft. Eric Turner.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rihanna - Only Girl (In The World) [2010-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Big Sean - Finally Famous (Full Album) [Silver RG] - PR!M3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Kelly Rowland - Motivation (feat. Lil Wayne) [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta - The Best Of 2010.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Snoop Dogg - Sweat (David Guetta Remix) [2011-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jessie J - Price Tag (feat. B.o.B) [2011-Single][MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Chris Brown Ft Lil Wayne & Busta Rhymes - Look At Me Now [Single.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jessie J - Who You Are 2011 Album [Deluxe Edition].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Chris Brown - F.A.M.E Deluxe [2011-MP3-Cov][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Foo Fighters 2011 Wasting Light 320 Kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\The_Script-Science_And_Faith-2010-CaHeSo.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry - Last Friday Night (T.G.I.F.).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Eminem-Recovery-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Black Eyed Peas - Just Can't Get Enough [2011-Single][SW].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Lil Wayne - How To Love (Tha Carter IV) [2011] {mp3}.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Rihanna - Loud [2010-MP3-Cov][Bubanee].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\500 Oldies Superhits[mp3].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Jason Aldean - My Kinda Party CDRip -2010- [MJN].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Mechanic DVDRip XviD-ARROW.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Kill the Irishman 2011 DVDRip AC3 XviD-CM8.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Zindagi Na Milegi Dobara 2011 Hindi Pre-DVDRip XviD E-SuB xRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Hanna 2011 R5 LiNE AC3 XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The.Rite.DVDRip.XviD-ARROW.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\5 Days of War 2011 DVDRip AC3 XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Fast Five 2011 PPVRIP IFLIX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Unstoppable (2010) DVDRip.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter And The Deathly Hallows Part 1 TS XViD - IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Chronicles of Narnia 3 (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Murder 2 2011 Hindi Pre-DVDRip XviD E-SuB xRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\2012 Ice Age 2011 DVDRip Xvid AC3-Freebee.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Transformers 3 Dark Of The Moon TS AC3 CUSTOM DVDR - IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Orgasm Diaries 2010 DVDRip Xvid UnKnOwN.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Jackass 3.5 (2011) DVDRip XviD-EXViD.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Battle Los Angeles 2011 R5 XViD-IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Bad Teacher (2011) TS XViD - IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter and the Deathly Hallows Part 2 2011 TS X264-ExtraTo.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Rango 2011 EXTENDED DVDRip XviD-EXViD.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\YellowBrickRoad.2010.DVDRiP.XviD-UNVEiL.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Mechanic (2011) XVid.AC3.avi English.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\X-Men.First.Class.2011.TS.V2.XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Pirates of the Caribbean 4 2011 XViD- MEM [ENG AUDIO].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Thor 2011 TS READNFO XViD - IMAGiNE [NO RAR].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Beastly 2011 DVDRip XviD AC3-BeFRee.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Green Lantern 2011 TS XViD-IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\How Do You Know 2010 DVDRip XviD-Original.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Roommate BDRip XviD-ARROW.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Due Date BDRip XviD-ARROW.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Transformers.Dark.of.the.Moon.2011.TS.x264.Feel-Free.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Red.Riding.Hood.DVDRip.XviD-DEFACED.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Fast.Five.2011.SWESUB.PPVRip.XviD-[www.Shareitall.se].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Soul Surfer[2011]BRRip XviD-ExtraTorrentRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Just Go With It[2011]R5 XviD-ExtraTorrentRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Deiva Thirumagal(Tamil 2011)HQ DVDSCR Rip(New)@mastitorrents.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Iron Man 2 (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Jackass 3D UNRATED DVDRip XviD-DEFACED.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Hangover (2009) DVDSCR-MAXSPEED.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Hit List 2011 BRRip XviD AC3-ELiTE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Fast.and.Furious.5.Rio.Heist.2011.NEW.HQ.VIDEO.TS.XviD.AC3.Hive-.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Chillar Party - DVDRip - XviD - 1CDRip - [DDR].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Kings.Speech.2010.DVDSCR.XviD.AC3-NYDIC.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Horrible Bosses 2011 CAM READNFO XViD - IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Little Fockers DVDRip XviD-DEFACED.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Green.Lantern.2011.TS.XViD-IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Transformers 2 Revenge Of The Fallen DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Tangled 2010 PPVRip LiNE XviD-TiMPE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Three Kings [malayalam 2011] x264 AAC PDVDRiP@mastitorrents.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Source Code 2011 TS XViD - IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The.Veteran.2011.SWESUB.DVDRip.XviD-[www.Shareitall.se].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Jumping.the.Broom.2011.BRRip Xvid AC3 UnKnOwN.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Paul.2011.DVDRip.XviD-ALLiANCE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Cars 2 2011 TS XViD-IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter and the Deathly Hallows Part 1[2010]DVDRip XviD-Ext.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Transformers 3 Dark of the Moon CAMRip V2 RELIZLAB ENGLISH AUDI.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Sucker Punch (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Hall Pass (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Adjustment Bureau (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Unknown (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The.Hangover.Part.II.2011.TS.XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Arthur 2011 DVDRip XviD-TARGET.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Rio (2011) R5 XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Bridesmaids 2011 TS XViD DTRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Just Go with It (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\I Am Number Four (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta ft. Taio Cruz & Ludacris - Little Bad Girl @320kbps.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Martin Solveig Feat. Dragonette - Hello.mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\David Guetta-Gettin' Over You (Feat. Fergie & LMFAO).mp3.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Katy Perry - Firework [Single 2010].mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\DJ Khaled - We The Best Forever (2011) $AC3$.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Tinie Tempah Ft Eric Turner-Written In The Stars-(Single)-2010-T.mp3.pif
%TEMP%\EBFDF3CEE3016952F0\MUSICA\Beyonce - Best Thing I Never Had (2nd Single) (iTunes Version).mp3.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter and the Deathly Hallows Part 2 2011 TS UnKnOwN.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Bad Teacher 2011 TS XViD DTRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Ironclad 2011 BDRiP XViD-PSiG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Source Code (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Veteran (2011) DVDRip XviD-ICE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\X-Men First Class 2011 R5 LiNE READNFO XViD-IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Limitless 2011 R5 LiNE XViD - IMAGiNE [NO RAR].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Season of the Witch (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Horrible_Bosses_2011_XViD_CAM_DTRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Inception (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Delhi Belly 2011 Hindi Pre-DVDRip XviD E-SuB xRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Drive Angry (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Next Three Days (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\True Grit (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Gnomeo and Juliet (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Fighter (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Limitless 2011 UNRATED 480p BRRip XviD AC3-AsA.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Priest 2011 R5 LiNE AC3 XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Zookeeper 2011 CAM Xvid UnKnOwN.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Kung Fu Panda 2 2011 TS AC3 XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Rango (2011) DVDSCR XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Paul (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Lincoln Lawyer 2011 480p BRRip XviD AC3-AsA.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Take Me Home Tonight 2011 DVDRip XViD-EP1C.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Mountie[2011]DVDRip XviD-ExtraTorrentRG.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Zindagi Na Milegi Dobara - DVDScr - XviD - 1CDRip - [DDR].avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Transformers Dark of the Moon 2011 TS XViD - IMAGiNE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\No Strings Attached 2011 BDRip XviD-AMIABLE.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\The Way Back (2010) DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Pirates of the Caribbean On Stranger Tides 2011 TS XviD AC3 HQ H.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\Harry Potter and the Deathly Hallows Part 1 DVDRip XviD-MAX.avi.pif
%TEMP%\EBFDF3CEE3016952F0\PELICULAS\TRON Legacy (2010) DVDRip XviD-MAX.avi.pif

Sets the 'hidden' attribute to the following files:

<Drive name for removable media>:\8C6D5037206608C8A5ED\9EF52E73282C7EF82B.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\8C6D5037206608C8A5ED\S-1-3-01-4631041401-1149015520-464015834-1505\64317049265C0809F3.exe
<Drive name for removable media>:\8C6D5037206608C8A5ED\Desktop.ini
<Drive name for removable media>:\8C6D5037206608C8A5ED\S-1-3-01-4631041401-1149015520-464015834-1505\Desktop.ini

Deletes the following files:

%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\buscaid[1]
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\buscaid[1]
<SYSTEM32>\Restore\MachineGuid.txt
<DRIVERS>\etc\hosts
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\buscaid[1]
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\buscaid[1]

Substitutes the HOSTS file.

Network activity:

Connects to:

'www.bu##aid.com':80
'1a##########2eb85jc76caksag508.ipcheker.com':80
'ah##########9kqpi0j90g373xt968.ipcheker.com':80
'wh##.amung.us':80
'2n##########p7927u7ly0554w47vk.ipcheker.com':80
'localhost':1043

TCP:

HTTP GET requests:

www.bu##aid.com/?ad#
1a##########2eb85jc76caksag508.ipcheker.com/
ah##########9kqpi0j90g373xt968.ipcheker.com/
wh##.amung.us/swidget/26n2qf7pnk0x
2n##########p7927u7ly0554w47vk.ipcheker.com/
wh##.amung.us/swidget/243dr2pd8x85

UDP:

DNS ASK 1a##########2eb85jc76caksag508.ipcheker.com
DNS ASK ah##########9kqpi0j90g373xt968.ipcheker.com
DNS ASK www.bu##aid.com
DNS ASK wh##.amung.us
DNS ASK 2n##########p7927u7ly0554w47vk.ipcheker.com

Miscellaneous:

Searches for the following windows:

ClassName: 'CConvWndBase' WindowName: ''
ClassName: 'MS_AutodialMonitor' WindowName: ''
ClassName: 'MS_WebcheckMonitor' WindowName: ''
ClassName: 'IMWindowClass' WindowName: ''
ClassName: '' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'IEFrame' WindowName: ''

Technologies

Begriffe

Schulung und Training

Mythen

Technical Information

Curing recommendations

Free trial