Trojan.FakeAV.14976

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysdoc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syshelp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swnetsup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepsrv.sys.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdclt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\schedapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sharedaccess.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracert.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracerpt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcontrol.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcleaner.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vccmserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmntsrv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpsvs32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tauscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tftpd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccpfw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccntmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penis32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscanpdsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2002s902.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ogrc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvlaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pathping.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\routemon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\route.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ping.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Netscape.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcadmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardhlp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebloader.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndntspst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nd98spst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UCCLSID.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VACFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieWUAU.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieSvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UI0Detect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieBITS.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieDcomLaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieCrypto.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieCtrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieRpcSs.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmsrvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpcmap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spysweeper.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmlisten.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unzip.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vvstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winhlpp32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wingate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wgfe95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdetect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJTInstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restart.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera_964_int_Setup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrchSTS.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swxcacls.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmitfraudFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HostsChk.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmiav.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmias.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winroute.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsfcm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservices.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navex15.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvapsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'

Creates or modifies the following files:

%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Windows Update.exe
%HOMEPATH%\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe

Creates the following files on removable media:

<Drive name for removable media>:\453F6F619B5541613F4F\553F893F94533F5389.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\453F6F619B5541613F4F\S-1-3-01-4631041401--55736164-464015834-1505\3F753F3F3F6F492E4F.exe
<Drive name for removable media>:\453F6F619B5541613F4F\Desktop.ini
<Drive name for removable media>:\453F6F619B5541613F4F\S-1-3-01-4631041401--55736164-464015834-1505\Desktop.ini

Malicious functions:

To bypass firewall, removes or modifies the following registry keys:

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-53342401'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-70554750'
[<HKLM>\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-28956246'
[<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-57951861'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'

To complicate detection of its presence in the operating system,

forces the system hide from view:

hidden files
file extensions

blocks execution of the following system utilities:

Command Prompt (CMD)
Windows Task Manager (Taskmgr)
Registry Editor (RegEdit)

blocks the following features:

System Restore (SR)
User Account Control (UAC)
Windows Security Center

Creates and executes the following:

'%HOMEPATH%\1A617E607B3F6A65\396579.exe'
'%HOMEPATH%\1A617E607B3F6A65\396579.exe' 88E6680F

Executes the following:

'<SYSTEM32>\wbem\unsecapp.exe' -Embedding

Terminates or attempts to terminate

the following system processes:

<SYSTEM32>\cmd.exe
<SYSTEM32>\ctfmon.exe

the following user processes:

NAVAPW32.EXE
nod32.exe
mpftray.exe
fsav32.exe
GUARD.EXE
opera.exe
safari.exe
ZONEALARM.EXE
outpost.exe
zapro.exe
fsav.exe
AVP.EXE
AVP32.EXE
AVP.COM
AVGCC32.EXE
AVGCTRL.EXE
ecmd.exe
ekrn.exe
AVSYNMGR.EXE
AVPCC.EXE
AVPM.EXE

Modifies settings of Windows Explorer:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'

Modifies settings of Windows Internet Explorer:

[<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
[<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'

Sets a new unauthorized home page for Windows Internet Explorer.

Modifies file system :

Creates the following files:

%TEMP%\647970497E82693F73\FOTOS\Hubble Telescope Desktops (52 JPEGS @ 1920X1200).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\200 Amazing Cars Wallpapers Full HD 1920 X 1080 [Set 12].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Best Mobile Wallpapers (240x320) [Set - 3] ~~~AbhinavRocks.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Beaches & Nature Wallpapers.jpg.pif
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
%TEMP%\647970497E82693F73\FOTOS\Vladmodels TANYA y157 Complete (177 sets) by Exmnova.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Transformers - Dark Of The Moon HQ Themes Pack For [Windows 7 &.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Fame-Girls Sandra Set 156.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\80 Dark Wallpapers Full HD 1080p.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\777 Interior Design Wallpaper.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\ 1600x1200 XxX.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Fascinating Wallpapers 1280x1024.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Met-Art Collection.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Playboy Every Centerfold 1954-2008.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\335 Salvador Dali Paintings [Amazing Collection] [1925 to 1983].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Historic buildings Wallpapers [HQPictures].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\The COMPLETE Ultimate Tattoo Flash Collection (A-Z).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\40 Super Sexy Girls Wallpapers 1920 X 1200 [Set 43].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\40 Sexy Girls HD Wallpapers (1920 X 1440).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Ass wallpapers and other pics.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\400 Super Sexy Girls Wallpapers 1600 X 1200 [Amazing Collection].jpg.pif
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
%TEMP%\647970497E82693F73\FOTOS\Sexy FACEBOOK.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\900 Amazing Tribal Tattoo Designs 700 X 700.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Icon Collection Pack 2011 (5296 icons) [InterlinkKnight].jpg.pif
%TEMP%\647970497E82693F73\PELICULAS\Source Code (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\647970497E82693F73\MUSICA\Beyonce - Best Thing I Never Had (2nd Single) (iTunes Version).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\David Guetta-Gettin' Over You (Feat. Fergie & LMFAO).mp3.mp3.pif
%TEMP%\647970497E82693F73\PELICULAS\Harry Potter and the Deathly Hallows Part 2 2011 TS UnKnOwN.avi.pif
%TEMP%\647970497E82693F73\PELICULAS\X-Men First Class 2011 R5 LiNE READNFO XViD-IMAGiNE.avi.pif
%TEMP%\647970497E82693F73\PELICULAS\The Veteran (2011) DVDRip XviD-ICE.avi.pif
%TEMP%\647970497E82693F73\MUSICA\DJ Khaled - We The Best Forever (2011) $AC3$.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Katy Perry - Firework [Single 2010].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jason Aldean - My Kinda Party CDRip -2010- [MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Martin Solveig Feat. Dragonette - Hello.mp3.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\David Guetta ft. Taio Cruz & Ludacris - Little Bad Girl @320kbps.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Tinie Tempah Ft Eric Turner-Written In The Stars-(Single)-2010-T.mp3.pif
%TEMP%\647970497E82693F73\PELICULAS\Bad Teacher 2011 TS XViD DTRG.avi.pif
%TEMP%\647970497E82693F73\FOTOS\830 FUNNY PHOTOGRAPHS.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Awesome Cityscapes Full HD Wallpapers 1920 X 1080.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Fame-Girls Virginia Set 156.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Kim Kardashian (Leaked Early) Playboy Photos December 2007.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Old Maps Of The World..jpg.pif
%TEMP%\647970497E82693F73\FOTOS\300 Wonderful Nature Wide Screen Wallpapers [Must Have] 1920 px.jpg.pif
%TEMP%\647970497E82693F73\PELICULAS\Hall Pass (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\647970497E82693F73\PELICULAS\Sucker Punch (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\647970497E82693F73\PELICULAS\Ironclad 2011 BDRiP XViD-PSiG.avi.pif
%TEMP%\647970497E82693F73\FOTOS\2000 Amazing World War 2 Pictures Collection HQ [1980 X 1200].jpg.pif
%TEMP%\647970497E82693F73\PELICULAS\Cars 2 2011 TS XViD-IMAGiNE.avi.pif
%TEMP%\647970497E82693F73\PELICULAS\The Adjustment Bureau (2011) DVDRip XviD-MAX.avi.pif
%TEMP%\647970497E82693F73\FOTOS\Full HD Pack Beautiful Wallpapers (543) [ ThumperRG ].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\shutterstock Vector images.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\7000 Clipart.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Best Mobile Wallpapers (240x320) [Set - 1] ~~~AbhinavRocks.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Hot and Sexy Girls Wallpapers 1280 X 1024 [Set 5].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\303 High Quality Wallpapers..[Raymondryche].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\75 Stunning Landscapes Full HD Wallpapers 1920 X 1080.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\35 Amazing Cityscapes Widescreen Wallpapers 1680 X 1050.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Ultimate Vector Collection.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\40 Amazing Insects Wallpapers 1920 X 1200 [Set 1].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\70 Amazing Dragons Tattoo Designs [Up to 3000 Px].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Stock photography archive (13).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Stock photography archive (3a3).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\25 Nice Romantic HD Wallpapers [DwzRG].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Stardock DeskScapes 2.0 + 75 Wallpaper Dreams [3trn1ty].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Emma Watson Ultimate Sexy Pics.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Desi Beutifull Girls (Set 1).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Fame-Girls Sandra Set 155.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\70 Amazing Italian HD Wallpapers [DwzRG].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\The Ultimate Tattoo Flash Collection - over 7000+ sheets by arti.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\The Anti-Newfag Kit Version 3.0 FINAL.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Digital Backdrops - Digital Backgrounds.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\55 Different Great Super Cars HD Wallpapers [DwzRG].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\60 Incredible Ladies HQ Perfect HD Wallpapers (1600x1200-2560x16.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\30 Beautiful Bridges HD Wallpapers [DwzRG].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Amazing Fantasy Wallpapers 1280 X 1024 [Set 2].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\470 Amazing Military Aircraft HR Photos [Up to 4300 Px].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\80 Amazing NASA Pictures Wallpapers [1920 X 1200] HQ - {RedDrago.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\12000 Loli Pictures + Loli Game.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\25 Beautiful Seashore HD Wallpapers [DwzRG].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Fame-Girls Ella Set 155.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Fame-Girls Virginia Set 156 [1920x1280].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Brenda Melissa [98 pict] 18y amateur.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\70 Beautiful Cities HD Wallpapers [DwzRG].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Sexy & nude girls wallpapers from Read-Ero.info (1920x1200) pt.5.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Fame-Girls Virginia Set 155.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\27 Amazing Landscapes Dual Screen Wallpapers 3200 X 1200.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Aridi Vector EPS Clipart Collection all 38 Original Volumes.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Best Mobile Wallpapers (240x320) [Set - 2] ~~~AbhinavRocks.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Tattoo Flash With Transparent Backgrounds.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\The Complete Ultimate Tattoo Flash Collection (Over 7000 Sheets.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Amazing Windows 7 Wallpapers 1920 X 1200.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\45 Amazing Digital Art Wallpapers Ful HD 1920 X 1080.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\77 NASA Picture of the Day (2011) Wallpapers 1600 X 1200.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Stock photography archive (23).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Baby Jana pt8 (Ex Webe Model Allison).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\150 Amazing Fantasy Tattoo Designs [Up to 2000 Px].jpg.pif
%TEMP%\647970497E82693F73\FOTOS\100 Stunning Digital Art Wallpapers 1600 X 1200.jpg.pif
%TEMP%\647970497E82693F73\FOTOS\Christina Model (Sets 1028-1031New).jpg.pif
%TEMP%\647970497E82693F73\FOTOS\50 Amazing Animals Full HD Wallpapers 1920 X 1080 [Set 1].jpg.pif
%TEMP%\647970497E82693F73\MUSICA\Eminem-Recovery-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Katy Perry - Last Friday Night (T.G.I.F.).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\500 Oldies Superhits[mp3].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Alexandra Stan - Mr. Saxobeat 320kbps.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lady Gaga-Born This Way (Special Edition) 2CD 2011-pLAN9.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Black Eyed Peas - Just Can't Get Enough [2011-Single][SW].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Chris Brown Ft Lil Wayne & Busta Rhymes - Look At Me Now [Single.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jessie J - Price Tag (feat. B.o.B) [2011-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Snoop Dogg - Sweat (David Guetta Remix) [2011-Single][SW].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Rihanna - Loud [2010-MP3-Cov][Bubanee].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lil Wayne - How To Love (Tha Carter IV) [2011] {mp3}.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\The_Script-Science_And_Faith-2010-CaHeSo.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Bruno Mars-Doo Wops And Hooligans-2010-H3X.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\ ft. Eric Turner.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Tinie Tempah - Written in the Stars.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\David Guetta - The Best Of 2010.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Diddy & Dirty Money - I'm Coming Home (feat. Skylar Grey).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Katy Perry-Teenage Dream mp3.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Rihanna - Only Girl (In The World) [2010-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Enrique Iglesias - Dirty Dancer Ft Usher & Lil Wayne 2011 (YOUSE.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Katy Perry & Kanye West - E.T [2011] - Mp3ViLLe.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Bruno Mars - The Lazy Song(Radio Edit)[320kbps].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Kelly Rowland - Motivation (feat. Lil Wayne) [2011-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Big Sean - Finally Famous (Full Album) [Silver RG] - PR!M3.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\The Lonely Island - Turtleneck And Chain 2011-FNT.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\David Guetta feat. Nicki Minaj & Flo Rida - Where Them Girls At.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\LMFAO - Party Rock Anthem [2011-Single@320][TJ].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jennifer Lopez - On The Floor (Feat. Pitbull).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Mumford And Sons - Sigh No More (Album).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Black Eyed Peas - The Beginning (Deluxe Edition) 2010-DOH.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Kanye West-My Beautiful Dark Twisted Fantasy (Explicit) @320kbps.mp3.pif
%HOMEPATH%\Start Menu\Programs\Internet Explorer.exe
%HOMEPATH%\Start Menu\Fax y Escaner de Windows.exe
%HOMEPATH%\1A617E607B3F6A65\396579.exe
%TEMP%\647970497E82693F73\MUSICA\Adele - 21 (Limited Edition CD-Rip @320kbps Bonus+Cov) [PRIME].mp3.pif
%ALLUSERSPROFILE%\Start Menu\Programs\Windows Media Center.exe
%ALLUSERSPROFILE%\Start Menu\Windows DVD Maker.exe
%TEMP%\647970497E82693F73\MUSICA\Adele - 21_PROPER_320kbps_VRTX.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lil.Wayne-Sorry.4.The.Wait-(Deluxe.Edition)-2011-[NoFS].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\ Afrojack Nayer - Give Me Everything (Tonight).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Pitbull ft. Ne-Yo.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Foo Fighters 2011 Wasting Light 320 Kbps.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Chris Brown - F.A.M.E Deluxe [2011-MP3-Cov][Bubanee].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jessie J - Who You Are 2011 Album [Deluxe Edition].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Beyonce-4_(Deluxe_Edition)-2CD-2011-VOiCE.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Rihanna - LOUD (2011 With 5 Bonus Tracks).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Pitbull - Give Me Everything (feat. Ne-Yo) [2011-Single][SW].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Nicki Minaj - Pink Friday (Deluxe Edition) 2011.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Adele - Rolling In the Deep [2010-Single][SW].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Now Thats What I Call Music 78 (2011) - 2CD.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Miguel-All I Want Is You-2010-CR.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Big Sean - Finally Famous [album [2011-MP3-Cov] [love Rulz].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\The Black Keys [DISCOGRAPHY] [320Kbps].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Chris Brown - Beautiful People (ft. Benny Benassi) [2011-Single].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Black Eyed Peas - The Time (The Dirty Bit) 256kbps CDQ [WooZ].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\P!nk (Pink) - Raise Your Glass [2010-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Kid.Cudi-Man.on.The.Moon.II-The.Legend.of.Mr.Rager-(Retail)-2010.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Nicki Minaj - Pink Friday [2010-MP3-Cov][Bubanee].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Eminem Feat. Rihanna - Love The Way You Lie.mp3.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Enrique Iglesias - Tonight (feat. Ludacris)(Dirty)~Struzzin~.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Kesha - Blow(2010) (320kbps).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lil.Wayne-Rebirth-Retail.Deluxe.Edition)-2010-[NoFS].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jennifer Lopez - I'm Into You (ft. Lil Wayne) [2011-Single@320].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Dj Khaled Ft Lil Wayne.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Trey.Songz-Passion.Pain.And.Pleasure-(Deluxe.Edition)-2010-[NoFS.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Shakira Feat. Pitbull - Rabiosa [2011Single] 320 kbps.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Take That - Progress (2010) @ 320kbs.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Rick Ross-Im On One (Cdq-Dirty)Dj.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Drake.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Cee Lo Green - The Lady Killer (Deluxe) -2010-[SW].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jason Derulo - Don't Wanna Go Home [2011-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Dr. Dre - I Need a Doctor (feat. Eminem) [2011-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Taylor Swift - Fearless.Platinum Edition+Bonus (2009.JB59).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Eminem Discography.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lil.Wayne-Im.Not.A.Human.Being.EP-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Drake-Thank.Me.Later-(Retail)-2010-[NoFS].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\The Rolling Stones - Greatest Hits (2008) 320 vtwin88cube.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Maroon_5-Hands_All_Over_ (Deluxe_Edition)-2010-DOH.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Adele - 19 (Deluxe Edition).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Nicki Minaj - Super Bass [Single Mp3 2011].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\100 Dance Club_Hits_Vol.2-2011-.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Fleet Foxes - Helplessness Blues [mp3-320-2011][trfkad].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Ke$ha (Kesha) - Animal Deluxe Edition (2010)'JB59.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Wiz Khalifa - Black and Yellow [2010-Single@320][TJ].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Nicole Scherzinger ft. 50 Cent - Right There @320kbps [PRIME].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\LMFAO ft. Lauren Bennett & Goon Rock - Party Rock Anthem.mp3.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lady Gaga - The Edge Of Glory.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lady GaGa - The Fame Monster 2CDRip 2009 [Cov+2CD][Bubanee].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Bon Iver - Bon Iver [mp3-320-2011][trfkad].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Foster the People - Torches [192kbps].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Lady Antebellum - Need You Now (Retail.2010)'JB59.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Bruno Mars - Grenade.mp3.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Pitbull - Hey Baby (ft. T-Pain) [2010-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Wiz Khalifa - Rolling Papers.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Britney Spears - Femme Fatale (Deluxe Edition-2011).mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Florence And The Machine-Between Two Lungs-2CD-2010-CaHeSo.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Bruno Mars - Just the Way You Are [2010-Single][MJN].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jeremih - Down On Me (feat. 50 Cent).mp3.mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Jason Derulo - Dont Wanna Go Home @320kbps (FULL) [PRIME].mp3.pif
%TEMP%\647970497E82693F73\MUSICA\Coldplay - Every Teardrop Is A Waterfall (2011) Single - woollyt.mp3.pif

Sets the 'hidden' attribute to the following files:

<Drive name for removable media>:\453F6F619B5541613F4F\553F893F94533F5389.exe
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\453F6F619B5541613F4F\S-1-3-01-4631041401--55736164-464015834-1505\3F753F3F3F6F492E4F.exe
<Drive name for removable media>:\453F6F619B5541613F4F\Desktop.ini
<Drive name for removable media>:\453F6F619B5541613F4F\S-1-3-01-4631041401--55736164-464015834-1505\Desktop.ini

Deletes the following files:

<SYSTEM32>\Restore\MachineGuid.txt
<DRIVERS>\etc\hosts

Substitutes the HOSTS file.

Network activity:

Connects to:

'wh##.amung.us':80
'cl###.#s1.dnsdynnet.com':80

TCP:

HTTP GET requests:

wh##.amung.us/swidget/78ejo1rdbrrt
cl###.#s1.dnsdynnet.com/

UDP:

DNS ASK wh##.amung.us
DNS ASK cl###.#s1.dnsdynnet.com

Miscellaneous:

Searches for the following windows:

ClassName: 'Shell_TrayWnd' WindowName: '(null)'
ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
ClassName: 'MS_AutodialMonitor' WindowName: '(null)'

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations

Free trial