PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Peritaje de IIV
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.FakeAV.14835

Added to the Dr.Web virus database: 2013-06-16

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syshelp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysdoc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepsrv.sys.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swnetsup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdclt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\schedapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sharedaccess.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracert.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vccmserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcontrol.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcleaner.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tracerpt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpsvs32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tauscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmntsrv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tftpd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin97.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccpfw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccntmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penis32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscanpdsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ogrc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvlaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2002s902.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pathping.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ping.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\route.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\routemon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcadmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebloader.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardhlp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndntspst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nd98spst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Netscape.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieWUAU.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieSvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieCrypto.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieBITS.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieDcomLaunch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swreg.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '616F613FA94875336F6660514F0A391D3F311C023C4A387F' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '57AB2E261E25963F6841874F21AE3F3F820B1D5C7B384684' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hidec.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SbieCtrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SandboxieRpcSs.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pev.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spysweeper.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmlisten.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmsrvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpcmap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UI0Detect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UCCLSID.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vvstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmgm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winhlpp32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wgfe95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wingate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winroute.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Restart.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdetect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera_964_int_Setup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJTInstall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swsc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\swxcacls.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VACFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unzip.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HostsChk.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrchSTS.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmitfraudFix.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsfcm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservices.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmiav.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmias.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95ct.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\azonealarm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avrescue.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navex15.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvapsvc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsched.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netstat.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icssuppnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmoon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe] 'Debugger' = '"%HOMEPATH%\1A617E607B3F6A65\396579.exe"'
Creates or modifies the following files:
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Windows Update.exe
  • %HOMEPATH%\Start Menu\Programs\Startup\Windows Anytime Upgrade.exe
Creates the following files on removable media:
  • <Drive name for removable media>:\4E6EA4113245613F6F41\5C664F493D7A993F79.exe
  • <Drive name for removable media>:\autorun.inf
  • <Drive name for removable media>:\4E6EA4113245613F6F41\S-1-3-01-4631041401--255085063-464015834-1505\27263F61283F656E3F.exe
  • <Drive name for removable media>:\4E6EA4113245613F6F41\Desktop.ini
  • <Drive name for removable media>:\4E6EA4113245613F6F41\S-1-3-01-4631041401--255085063-464015834-1505\Desktop.ini
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-53342401'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-70554750'
  • [<HKLM>\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-28956246'
  • [<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\1A617E607B3F6A65\396579.exe' = '%HOMEPATH%\1A617E607B3F6A65\396579.exe:*:Enabled:@xpsp2res.dll,-57951861'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
To complicate detection of its presence in the operating system,
forces the system hide from view:
  • hidden files
  • file extensions
blocks execution of the following system utilities:
  • Command Prompt (CMD)
  • Windows Task Manager (Taskmgr)
  • Registry Editor (RegEdit)
blocks the following features:
  • System Restore (SR)
  • User Account Control (UAC)
  • Windows Security Center
Creates and executes the following:
  • '%HOMEPATH%\1A617E607B3F6A65\396579.exe'
  • '%HOMEPATH%\1A617E607B3F6A65\396579.exe' 88E6680F
Executes the following:
  • '<SYSTEM32>\wbem\unsecapp.exe' -Embedding
Terminates or attempts to terminate
the following system processes:
  • <SYSTEM32>\cmd.exe
  • <SYSTEM32>\ctfmon.exe
the following user processes:
  • NAVAPW32.EXE
  • nod32.exe
  • mpftray.exe
  • fsav32.exe
  • GUARD.EXE
  • opera.exe
  • safari.exe
  • ZONEALARM.EXE
  • outpost.exe
  • zapro.exe
  • fsav.exe
  • AVP.EXE
  • AVP32.EXE
  • AVP.COM
  • AVGCC32.EXE
  • AVGCTRL.EXE
  • ecmd.exe
  • ekrn.exe
  • AVSYNMGR.EXE
  • AVPCC.EXE
  • AVPM.EXE
Modifies settings of Windows Explorer:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000000'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000000'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
Modifies settings of Windows Internet Explorer:
  • [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
  • [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system :
Creates the following files:
  • %TEMP%\647970497E82693F73\LIBROS\ Focused Practice that Improves Your Ma.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Ultimate Computer Repair Guide.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Super Immunity Foods A Complete Program to Boost Wellness.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\1001 Math Problems Fast.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Complete Idiot's Guide to Magic Tricks-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\623 BOOKS FOR THE IPHONE & IPAD EPUB.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\25 Language Learning Packs Collection.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\ Nonfiction 1700 Sorted Ebooks Pack PHC.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Best Ever Woodworking Project & Shop Tricks 2010 - (Malestrom).doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\543 For Dummies E-Books - )_)ReUpLd)_).doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Professional Photographer (UK) - August 2011.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Smart Photography - July 2011 (Malestrom).doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Seven Languages in Seven Weeks A Pragmatic Guide to Learning Pr.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\ADOBE PHOTOSHOP CS5 TRAINING MANUAL [thethingy].doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\How to Succeed at Interviews Includes over 200 Interview Questi.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Web User 100 Best Sites You Never Heard Of - July 14 2011(HQ-PD.doc.pif
  • %TEMP%\647970497E82693F73\JUEGOS\Portal 2-SKIDROW.com
  • %TEMP%\647970497E82693F73\JUEGOS\Harry Potter and the Deathly Hallows Part 2-SKIDROW.com
  • %TEMP%\647970497E82693F73\JUEGOS\Dirt 3-SKIDROW.com
  • %TEMP%\647970497E82693F73\JUEGOS\The Sims 3 - Razor1911 Final MAXSPEED.com
  • %TEMP%\647970497E82693F73\PROGRAMAS\Nero Burning ROM 10.5.10300 + Key [RH].exe
  • %TEMP%\647970497E82693F73\JUEGOS\The.Witcher.2.Assassins.of.Kings-SKIDROW.com
  • %TEMP%\647970497E82693F73\JUEGOS\The Sims 3 Generations-RELOADED.com
  • %TEMP%\647970497E82693F73\JUEGOS\Assassins Creed Brotherhood-SKIDROW.com
  • %TEMP%\647970497E82693F73\LIBROS\Professional Android 2 Application Development (2010) (Malestrom.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\How To Make Money Ebooks Collection-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The 4 Hour Body - Timothy Ferriss.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Triple Your Reading Speed-Mantesh.doc.pif
  • PARSE ERROR
  • %TEMP%\647970497E82693F73\LIBROS\All New Electronics Self-Teaching Guide 3 Ed - (Malestrom).doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Multi-Orgasmic Man Sexual Secrets Every Man Should Know-Man.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Routledge Ebook Pack 867 Books Sorted PHC.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\10 Self Help Books Collection-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Self-Confidence The Remarkable Truth of Why a Small Change Can.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The_Adult_Joke_Book-viny.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Lynda.com.Joomla.1.6.Creating.and.Editing.Custom.Templates-QUASA.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Maximum Strength Get Your Strongest Body in 16 Weeks with the U.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\1001 Motivational Quotes for Success Great Quotes from Great Mi.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\21 Income Streams- Multiple Ways to Make Money Online-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\50 Psychology Classics Who We Are.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\ How We Think.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\ What We Do-Ma.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\New York Times Best Sellers Week 49 Ebooks-P2P PDFePUB.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\A Game Of Thrones.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\WA's Best Homes Design 2011 & 2012 - (Malestrom).doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\E-Book Recipes Collection 2.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\AutoCAD 2011 for Dummies - Oceanhawk.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Best Secrets of Great Small Businesses-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Five Secrets You Must Discover Before You Die-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\501 Killer Marketing Tactics to Increase Sales.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Game - Neil Strauss.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\OREILLY - LEARNING ANDROID (2011) [thethingy].doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Electrical Safety Handbook-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Wireless Hacking.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\ Maximize Profits.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Cross-Train Your Brain A Mental Fitness Program for Maximizing.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Portrait Photography Secrets of Posing & Lighting -Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Dreamweaver CS5 All-in-One For Dummies (2010) - (Malestrom).doc.pif
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_filelst.cfg
  • %TEMP%\647970497E82693F73\LIBROS\Prescription for Nutritional Healing 3rd Ed.-Mantesh.doc.pif
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
  • %TEMP%\647970497E82693F73\LIBROS\PC_Magazine_2011-08.pdf.doc.pif
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Windows XP Professional SP3 Integrated July 2011.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Guitar Pro 5.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Cinema 4D Studio V12 Full iso.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office Enterprise 2010 Corporate Final (full activated.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ Acces.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows.7.Ultimate.Sp1.32bit.x86.June.2011.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Total Video Converter HD v3.71 + Serials [ChattChitto RG].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Nero 8 Ultra Edition 8.3.2.1 [PC] [Multilanguage].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Sony Vegas PRO 10.0c+Keygen(x86x64)(Registered) [ kk ].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Ableton Live Suite 8.1.1 + Easy Patch.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE FLASH PROFESSIONAL CS5.5 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows 7 Activator Patch [2010] - [GuruFuel].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE PHOTOSHOP CS4 EXTENDED EDITION [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MAGIX Music Maker 17 Premium incl. content packs - english.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office 2007 - Product keySerial.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ Outlook.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\WinRAR 4.00 32Bit And 64Bit Full-Version {blaze69}.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE AFTER EFFECTS CS5.5 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Rosetta Stone v3.4.5 (with 22 Languages v3).exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe Acrobat Pro X v10.0 Multilingual (Full) [RH].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\TuneUp Utilities 2011 v10.0.2011.65 + Crack-Serials [CC RG].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE CS5 5 MASTER COLLECTION KEYGEN WIN OSX-XFORCE.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe Photoshop CS5 Ext. Edition [+SERIALS ].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe Dreamweaver CS5 [Win]-[CyberPiraten].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office Xp Pro (Word.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ Excel.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ Powerpoint.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows 7 Activation - Remove WAT v2.2.5.2 (ThumperTM).exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MICROSOFT OFFICE 2010 ACTIVATOR [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MICROSOFT OFFICE 2003+KEY.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\AVG Anti-Virus Professional 9.0 Build 663a1706 + Keygen [RH].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Ashampoo Burning Studio 10.10.0.1 +Key (32-64bit) -TrT.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Internet Download Manager 6.04 Final + Crack-[HB].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows XP Professional SP3 - Activated.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows 7 Activator RemoveWAT v2.2.5.2 by Hazar.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Atomix Virtual DJ Pro V7.02 {Precracked} + Addons {blaze69}.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office 2010 Pro. FULL CRACKED [PRIME].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE CREATIVE SUITE 5.5 MASTER COLLECTION [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\DAEMON Tools Pro Advanced 4.41.0314.0232 Incl Crack.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Windows XP Professional SP3 Integrated February 2011.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Avast AntiVirus Home Edition 6.0.11 + Serial Keys - {RedDragon}.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\AUTODESK AUTOCAD V2012 MULTI WIN64-ISO.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Mathworks.Matlab.R2011a.ISO-TBE.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Google.Sketchup.Pro.v8.0.3117.Incl.Keygen-MESMERiZE.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Nero 7 + KeyGen.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE.CREATIVE.SUITE.5.5.MASTER.COLLECTION.ESD-ISO.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Antares Autotune VST v5.09 [T-Pain Software Sound Like T-Pain].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office 2007.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe Photoshop CS3 Extended Version Full + Crack.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe Photoshop CS5 + Serial [1337x] [Ahmed].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft.Windows.XP.SP3.Professional.March.2011.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Fraps v3.4.0 (Full Registered Version) [RH].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\FL Studio 10.0.2 Producer Edition (x32x64).exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office Home and Student 2007 Activation Keys.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\AUTODESK AUTOCAD V2012 MULTI WIN32-ISO.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Rosetta Stone 3.4.5 + Crack(VasiaZozulia).exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Autodesk AutoCAD 2010 [64-bit].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MICROSOFT OFFICE 2010 POWERPOINT X64 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Steinberg Cubase 5.1 - Advanced Music Production System.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\CyberLink powerdirector 9 with key by TheAaax9.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Visual Studio 2010 Ultimate x86-TKiSO.exe
  • %TEMP%\647970497E82693F73\FOTOS\7000 Clipart.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\shutterstock Vector images.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Full HD Pack Beautiful Wallpapers (543) [ ThumperRG ].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\40 Amazing Insects Wallpapers 1920 X 1200 [Set 1].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\75 Stunning Landscapes Full HD Wallpapers 1920 X 1080.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Stock photography archive (13).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\70 Amazing Dragons Tattoo Designs [Up to 3000 Px].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\303 High Quality Wallpapers..[Raymondryche].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\The Anti-Newfag Kit Version 3.0 FINAL.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\The Ultimate Tattoo Flash Collection - over 7000+ sheets by arti.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\30 Beautiful Bridges HD Wallpapers [DwzRG].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Digital Backdrops - Digital Backgrounds.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Hot and Sexy Girls Wallpapers 1280 X 1024 [Set 5].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Best Mobile Wallpapers (240x320) [Set - 1] ~~~AbhinavRocks.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Stock photography archive (3a3).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\35 Amazing Cityscapes Widescreen Wallpapers 1680 X 1050.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Stock photography archive (23).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\50 Amazing Animals Full HD Wallpapers 1920 X 1080 [Set 1].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Christina Model (Sets 1028-1031New).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Baby Jana pt8 (Ex Webe Model Allison).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\12000 Loli Pictures + Loli Game.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Aridi Vector EPS Clipart Collection all 38 Original Volumes.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\150 Amazing Fantasy Tattoo Designs [Up to 2000 Px].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Stunning Digital Art Wallpapers 1600 X 1200.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\45 Amazing Digital Art Wallpapers Ful HD 1920 X 1080.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Amazing Windows 7 Wallpapers 1920 X 1200.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Ultimate Vector Collection.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\77 NASA Picture of the Day (2011) Wallpapers 1600 X 1200.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\The Complete Ultimate Tattoo Flash Collection (Over 7000 Sheets.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Tattoo Flash With Transparent Backgrounds.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Best Mobile Wallpapers (240x320) [Set - 2] ~~~AbhinavRocks.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\50 Great Motorcycles HD Wallpapers [DwzRG].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Ella Set 154.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Sandra Set 152.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\hot female celebs wallpaper {bdlnaredi}.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Origami Collection - Jpg - PDF - [TNTVillage].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Wallpaper collection (full hd & hd).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\50 Best Nature Wide Screen Full HD Wallpapers part 1.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\40 Super Sexy Girls HD Wallpapers [DwzRG].jpg.pif
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\buscaid[1]
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\buscaid[1]
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\okaysearch[1]
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\buscaid[1]
  • %TEMP%\647970497E82693F73\FOTOS\480 Natalie Portman HQ Photos [Up to 4300 Px] [Set 2].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Wallpaper Man's Collection.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Playboys - Playboy Girls Network (PGN).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\High-res Studio HDRi pack.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\25 Nice Romantic HD Wallpapers [DwzRG].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\70 Amazing Italian HD Wallpapers [DwzRG].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Sandra Set 155.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Stardock DeskScapes 2.0 + 75 Wallpaper Dreams [3trn1ty].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\60 Incredible Ladies HQ Perfect HD Wallpapers (1600x1200-2560x16.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\55 Different Great Super Cars HD Wallpapers [DwzRG].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Emma Watson Ultimate Sexy Pics.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Desi Beutifull Girls (Set 1).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Harry Potter Deathly Hallows Part 2 Photos And Wallpapers.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Amazing Fantasy Wallpapers 1280 X 1024 [Set 1].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\80 Amazing Windows 7 Wallpapers 1920 X 1200.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Best Mobile Wallpapers (240x320) [Set - 4] ~~~AbhinavRocks.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Arab Girls New Pics 2011.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Ksaunsdra Model (#80 Ft-Christina-New).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\50 Best Nature Wide Screen Full HD Wallpapers part 2.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\180 Stunning National Geographic Wallpapers [2010-2011] 1600 X 1.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\2000 Amazing World War 2 Pictures Collection HQ [1980 X 1200].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Virginia Set 156.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\50 Best Real World Full HD Wallpapers 1920 X 1080.jpg.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Truth About Six Pack Abs [afn_afg].doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Microsoft Office 2010 Ultimate Tips and Tricks-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Go The Fuck To Sleep.doc.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Awesome Cityscapes Full HD Wallpapers 1920 X 1080.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\80 Dark Wallpapers Full HD 1080p.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Sandra Set 156.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Transformers - Dark Of The Moon HQ Themes Pack For [Windows 7 &.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Kim Kardashian (Leaked Early) Playboy Photos December 2007.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\830 FUNNY PHOTOGRAPHS.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\300 Wonderful Nature Wide Screen Wallpapers [Must Have] 1920 px.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Old Maps Of The World..jpg.pif
  • %TEMP%\647970497E82693F73\LIBROS\Maximum PC Guide to Building a Dream PC-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Electronic Devices (7th ed) - Floyd.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Hacking for Dummies 3rd Edition 2010 - Oceanhawk.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\DK Eyewitness Books Collection.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Language Learning Packs Collection (Vol. 2).doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Get Well at Home Complete Home Health Care for the Family-Mante.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Yoga as Medicine The Yogic Prescription for Health and Healing-.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Cambridge Univ. Press Ebook MEGA Pack - 1193 Ebooks PHC.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Microsoft Excel VBA Programming 2010 for Dummies - Oceanhawk.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\The Pocket Guide to Fungal Infection.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Men's Health USA - July & August 2011 (Malestrom).doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Mathemagics How to Look Like a Genius Without Really Trying-Man.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\1001 Books You Must Read Before You Die.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Oxford University Press Ebook Pack 652 Books - Sorted - PHC.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Strength Training-Mantesh.doc.pif
  • %TEMP%\647970497E82693F73\LIBROS\Home Networking Do-It-Yourself For Dummies-viny.doc.pif
  • %TEMP%\647970497E82693F73\FOTOS\70 Beautiful Cities HD Wallpapers [DwzRG].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Brenda Melissa [98 pict] 18y amateur.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Virginia Set 156 [1920x1280].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\The COMPLETE Ultimate Tattoo Flash Collection (A-Z).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Playboy Every Centerfold 1954-2008.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\40 Sexy Girls HD Wallpapers (1920 X 1440).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\40 Super Sexy Girls Wallpapers 1920 X 1200 [Set 43].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\27 Amazing Landscapes Dual Screen Wallpapers 3200 X 1200.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Amazing Fantasy Wallpapers 1280 X 1024 [Set 2].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Ella Set 155.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\25 Beautiful Seashore HD Wallpapers [DwzRG].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\470 Amazing Military Aircraft HR Photos [Up to 4300 Px].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fame-Girls Virginia Set 155.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Sexy & nude girls wallpapers from Read-Ero.info (1920x1200) pt.5.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\80 Amazing NASA Pictures Wallpapers [1920 X 1200] HQ - {RedDrago.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\335 Salvador Dali Paintings [Amazing Collection] [1925 to 1983].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\200 Amazing Cars Wallpapers Full HD 1920 X 1080 [Set 12].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Hubble Telescope Desktops (52 JPEGS @ 1920X1200).jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Vladmodels TANYA y157 Complete (177 sets) by Exmnova.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\100 Best Mobile Wallpapers (240x320) [Set - 3] ~~~AbhinavRocks.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Fascinating Wallpapers 1280x1024.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\ 1600x1200 XxX.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\777 Interior Design Wallpaper.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Beaches & Nature Wallpapers.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\900 Amazing Tribal Tattoo Designs 700 X 700.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Sexy FACEBOOK.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Historic buildings Wallpapers [HQPictures].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Icon Collection Pack 2011 (5296 icons) [InterlinkKnight].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Met-Art Collection.jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\400 Super Sexy Girls Wallpapers 1600 X 1200 [Amazing Collection].jpg.pif
  • %TEMP%\647970497E82693F73\FOTOS\Ass wallpapers and other pics.jpg.pif
  • %TEMP%\647970497E82693F73\PROGRAMAS\avast! Pro AV + IS v6.0.1000 Final + Crack [Till 2050] - loco.exe
  • %TEMP%\647970497E82693F73\MUSICA\Big Sean - Finally Famous [album [2011-MP3-Cov] [love Rulz].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Miguel-All I Want Is You-2010-CR.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\P!nk (Pink) - Raise Your Glass [2010-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\The Black Keys [DISCOGRAPHY] [320Kbps].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lil.Wayne-Rebirth-Retail.Deluxe.Edition)-2010-[NoFS].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Kesha - Blow(2010) (320kbps).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Enrique Iglesias - Tonight (feat. Ludacris)(Dirty)~Struzzin~.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Black Eyed Peas - The Time (The Dirty Bit) 256kbps CDQ [WooZ].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Cee Lo Green - The Lady Killer (Deluxe) -2010-[SW].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lil.Wayne-Im.Not.A.Human.Being.EP-(Retail)-2010-[NoFS].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Eminem Discography.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jason Derulo - Don't Wanna Go Home [2011-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Chris Brown - Beautiful People (ft. Benny Benassi) [2011-Single].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jennifer Lopez - I'm Into You (ft. Lil Wayne) [2011-Single@320].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Dr. Dre - I Need a Doctor (feat. Eminem) [2011-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Kid.Cudi-Man.on.The.Moon.II-The.Legend.of.Mr.Rager-(Retail)-2010.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Coldplay - Every Teardrop Is A Waterfall (2011) Single - woollyt.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jason Derulo - Dont Wanna Go Home @320kbps (FULL) [PRIME].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jeremih - Down On Me (feat. 50 Cent).mp3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Britney Spears - Femme Fatale (Deluxe Edition-2011).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lady GaGa - The Fame Monster 2CDRip 2009 [Cov+2CD][Bubanee].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Bruno Mars - Just the Way You Are [2010-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Florence And The Machine-Between Two Lungs-2CD-2010-CaHeSo.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lady Antebellum - Need You Now (Retail.2010)'JB59.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Bruno Mars - Grenade.mp3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Eminem Feat. Rihanna - Love The Way You Lie.mp3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Nicki Minaj - Pink Friday [2010-MP3-Cov][Bubanee].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Pitbull - Hey Baby (ft. T-Pain) [2010-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Foster the People - Torches [192kbps].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Bon Iver - Bon Iver [mp3-320-2011][trfkad].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Wiz Khalifa - Rolling Papers.mp3.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Ironclad 2011 BDRiP XViD-PSiG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Sucker Punch (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Hall Pass (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Bad Teacher 2011 TS XViD DTRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Veteran (2011) DVDRip XviD-ICE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\X-Men First Class 2011 R5 LiNE READNFO XViD-IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Harry Potter and the Deathly Hallows Part 2 2011 TS UnKnOwN.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Adjustment Bureau (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Bridesmaids 2011 TS XViD DTRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Just Go with It (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\I Am Number Four (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Unknown (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Cars 2 2011 TS XViD-IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Harry Potter and the Deathly Hallows Part 1[2010]DVDRip XviD-Ext.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Transformers 3 Dark of the Moon CAMRip V2 RELIZLAB ENGLISH AUDI.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Source Code (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\MUSICA\Drake.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Rick Ross-Im On One (Cdq-Dirty)Dj.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Take That - Progress (2010) @ 320kbs.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Dj Khaled Ft Lil Wayne.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Taylor Swift - Fearless.Platinum Edition+Bonus (2009.JB59).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Shakira Feat. Pitbull - Rabiosa [2011Single] 320 kbps.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Trey.Songz-Passion.Pain.And.Pleasure-(Deluxe.Edition)-2010-[NoFS.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jason Aldean - My Kinda Party CDRip -2010- [MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Martin Solveig Feat. Dragonette - Hello.mp3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\David Guetta-Gettin' Over You (Feat. Fergie & LMFAO).mp3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Beyonce - Best Thing I Never Had (2nd Single) (iTunes Version).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\David Guetta ft. Taio Cruz & Ludacris - Little Bad Girl @320kbps.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Katy Perry - Firework [Single 2010].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\DJ Khaled - We The Best Forever (2011) $AC3$.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Tinie Tempah Ft Eric Turner-Written In The Stars-(Single)-2010-T.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\ Afrojack Nayer - Give Me Everything (Tonight).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lil.Wayne-Sorry.4.The.Wait-(Deluxe.Edition)-2011-[NoFS].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jessie J - Who You Are 2011 Album [Deluxe Edition].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Pitbull ft. Ne-Yo.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Now Thats What I Call Music 78 (2011) - 2CD.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Adele - Rolling In the Deep [2010-Single][SW].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Nicki Minaj - Pink Friday (Deluxe Edition) 2011.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Chris Brown - F.A.M.E Deluxe [2011-MP3-Cov][Bubanee].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\The_Script-Science_And_Faith-2010-CaHeSo.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lil Wayne - How To Love (Tha Carter IV) [2011] {mp3}.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Rihanna - Loud [2010-MP3-Cov][Bubanee].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Chris Brown Ft Lil Wayne & Busta Rhymes - Look At Me Now [Single.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Foo Fighters 2011 Wasting Light 320 Kbps.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Snoop Dogg - Sweat (David Guetta Remix) [2011-Single][SW].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jessie J - Price Tag (feat. B.o.B) [2011-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Beyonce-4_(Deluxe_Edition)-2CD-2011-VOiCE.mp3.pif
  • %ALLUSERSPROFILE%\Start Menu\Programs\Windows Media Center.exe
  • %TEMP%\647970497E82693F73\MUSICA\Adele - 21 (Limited Edition CD-Rip @320kbps Bonus+Cov) [PRIME].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Jennifer Lopez - On The Floor (Feat. Pitbull).mp3.pif
  • %ALLUSERSPROFILE%\Start Menu\Windows DVD Maker.exe
  • %HOMEPATH%\1A617E607B3F6A65\396579.exe
  • %HOMEPATH%\Start Menu\Fax y Escaner de Windows.exe
  • %HOMEPATH%\Start Menu\Programs\Internet Explorer.exe
  • %TEMP%\647970497E82693F73\MUSICA\LMFAO - Party Rock Anthem [2011-Single@320][TJ].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Adele - 21_PROPER_320kbps_VRTX.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Pitbull - Give Me Everything (feat. Ne-Yo) [2011-Single][SW].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Rihanna - LOUD (2011 With 5 Bonus Tracks).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Mumford And Sons - Sigh No More (Album).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\David Guetta feat. Nicki Minaj & Flo Rida - Where Them Girls At.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Kanye West-My Beautiful Dark Twisted Fantasy (Explicit) @320kbps.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Black Eyed Peas - The Beginning (Deluxe Edition) 2010-DOH.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Ke$ha (Kesha) - Animal Deluxe Edition (2010)'JB59.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Fleet Foxes - Helplessness Blues [mp3-320-2011][trfkad].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lady Gaga - The Edge Of Glory.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Wiz Khalifa - Black and Yellow [2010-Single@320][TJ].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Rihanna - Only Girl (In The World) [2010-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Katy Perry-Teenage Dream mp3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Diddy & Dirty Money - I'm Coming Home (feat. Skylar Grey).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\LMFAO ft. Lauren Bennett & Goon Rock - Party Rock Anthem.mp3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\100 Dance Club_Hits_Vol.2-2011-.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Nicki Minaj - Super Bass [Single Mp3 2011].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Adele - 19 (Deluxe Edition).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Drake-Thank.Me.Later-(Retail)-2010-[NoFS].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Nicole Scherzinger ft. 50 Cent - Right There @320kbps [PRIME].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Maroon_5-Hands_All_Over_ (Deluxe_Edition)-2010-DOH.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\The Rolling Stones - Greatest Hits (2008) 320 vtwin88cube.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\ ft. Eric Turner.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Lady Gaga-Born This Way (Special Edition) 2CD 2011-pLAN9.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Alexandra Stan - Mr. Saxobeat 320kbps.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Bruno Mars-Doo Wops And Hooligans-2010-H3X.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Black Eyed Peas - Just Can't Get Enough [2011-Single][SW].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\500 Oldies Superhits[mp3].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Katy Perry - Last Friday Night (T.G.I.F.).mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Eminem-Recovery-(Retail)-2010-[NoFS].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Bruno Mars - The Lazy Song(Radio Edit)[320kbps].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Kelly Rowland - Motivation (feat. Lil Wayne) [2011-Single][MJN].mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\David Guetta - The Best Of 2010.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Tinie Tempah - Written in the Stars.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Big Sean - Finally Famous (Full Album) [Silver RG] - PR!M3.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Katy Perry & Kanye West - E.T [2011] - Mp3ViLLe.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\Enrique Iglesias - Dirty Dancer Ft Usher & Lil Wayne 2011 (YOUSE.mp3.pif
  • %TEMP%\647970497E82693F73\MUSICA\The Lonely Island - Turtleneck And Chain 2011-FNT.mp3.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Hereafter (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Faster DVDRip XviD-ARROW.avi.pif
  • %TEMP%\647970497E82693F73\PROGRAMAS\DriverPack Solution 11 (x32-x64) [ Victory].exe
  • %TEMP%\647970497E82693F73\PELICULAS\Robin Hood (2010) UNRATED DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Just Go With It[2011]R5 XviD-ExtraTorrentRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Deiva Thirumagal(Tamil 2011)HQ DVDSCR Rip(New)@mastitorrents.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Iron Man 2 (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE PHOTOSHOP CS5.1 EXTENDED EDITION [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MICROSOFT OFFICE WORD 2007 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Nero Burning ROM 10.5.10300 +Serial [UT].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Nero 10.0 + Serials - DivXNL-Team.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows 7 Ultimate - 32 Bit (Auto Activation) - Cracked.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MICROSOFT OFFICE 2010 PERMANENT ACTIVATOR [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe Photoshop CS5 Extended (Crack + Instructions).exe
  • %TEMP%\647970497E82693F73\PELICULAS\The Hit List 2011 BRRip XviD AC3-ELiTE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Three Kings [malayalam 2011] x264 AAC PDVDRiP@mastitorrents.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Source Code 2011 TS XViD - IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Transformers.Dark.of.the.Moon.2011.TS.x264.Feel-Free.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Tangled 2010 PPVRip LiNE XviD-TiMPE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The.Veteran.2011.SWESUB.DVDRip.XviD-[www.Shareitall.se].avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Jumping.the.Broom.2011.BRRip Xvid AC3 UnKnOwN.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Paul.2011.DVDRip.XviD-ALLiANCE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Red.Riding.Hood.DVDRip.XviD-DEFACED.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Soul Surfer[2011]BRRip XviD-ExtraTorrentRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Jackass 3D UNRATED DVDRip XviD-DEFACED.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Hangover (2009) DVDSCR-MAXSPEED.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Due Date BDRip XviD-ARROW.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Fast.Five.2011.SWESUB.PPVRip.XviD-[www.Shareitall.se].avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\How Do You Know 2010 DVDRip XviD-Original.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Roommate BDRip XviD-ARROW.avi.pif
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE PREMIERE PRO CS5.5 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Virtual DJ Pro 7 & Serieal.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\AVS Video Converter V7.1.2.480 + Crack {blaze69}.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe After Effects CS5 [Win][CyberPiraten].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows.7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\AVG Internet Security 2011 v10.0.1120 Build 3152 Multi + Serials.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE PHOTOSHOP LIGHTROOM 3.4 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Pinnacle Studio 15 HD Ultimate - by Mick (Full Version).exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Sony Vegas Pro 10 x86-x64 Cracked-TL.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows XP Activation Crack.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MICROSOFT OFFICE 2010 COMBINED EDITION X86 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ESET NOD32 Anti-Virus 4.0.468.0-For Life.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Alcohol 120 7 + serial -TrT.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\VLC Media Player.1.1.5.final.updated(windows all).aaaevilacharya.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\PowerISO v4.7 + Serials [ChattChitto RG].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\WinZip PRO FINAL v15.0 + Serials [ChattChitto RG].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Virtual DJ v7.0 PRO + Crack [ChattChitto RG].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office 2010 Professional [CRACKED].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\WinRAR 3.93 Final 32Bit And 64Bit Full {blaze69}.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Office 2010 Professionaus.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft OFFICE 2010 Pro Plus PRECRACKED.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Adobe After Effects CS4 (Final) + Crack [RH].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Microsoft Windows 7 Ultimate Retail(Final) x86 and x64.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\FRUITY LOOPS Studio Producer Edition 9-cracks incl.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE DREAMWEAVER CS5.5 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\KMS Activator for Microsoft Office 2010 Applications x86 x64 Mul.exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\MICROSOFT OFFICE 2010 WORD X64 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\ADOBE ILLUSTRATOR CS5.1 [thethingy].exe
  • %TEMP%\647970497E82693F73\PROGRAMAS\Corel Draw X5 with keygen.exe
  • %TEMP%\647970497E82693F73\PELICULAS\Season of the Witch (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Horrible_Bosses_2011_XViD_CAM_DTRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Next Three Days (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Limitless 2011 R5 LiNE XViD - IMAGiNE [NO RAR].avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Inception (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Delhi Belly 2011 Hindi Pre-DVDRip XviD E-SuB xRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Drive Angry (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Limitless 2011 UNRATED 480p BRRip XviD AC3-AsA.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Fighter (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Bad Teacher (2011) TS XViD - IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Harry Potter and the Deathly Hallows Part 2 2011 TS X264-ExtraTo.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Gnomeo and Juliet (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Priest 2011 R5 LiNE AC3 XViD-EP1C.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Zookeeper 2011 CAM Xvid UnKnOwN.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\True Grit (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Way Back (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Take Me Home Tonight 2011 DVDRip XViD-EP1C.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Mountie[2011]DVDRip XviD-ExtraTorrentRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Kung Fu Panda 2 2011 TS AC3 XViD-EP1C.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Lincoln Lawyer 2011 480p BRRip XviD AC3-AsA.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The.Hangover.Part.II.2011.TS.XViD-EP1C.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Arthur 2011 DVDRip XviD-TARGET.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Rio (2011) R5 XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Rango (2011) DVDSCR XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\TRON Legacy (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Transformers Dark of the Moon 2011 TS XViD - IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\No Strings Attached 2011 BDRip XviD-AMIABLE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Harry Potter and the Deathly Hallows Part 1 DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Paul (2011) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Zindagi Na Milegi Dobara - DVDScr - XviD - 1CDRip - [DDR].avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Pirates of the Caribbean On Stranger Tides 2011 TS XviD AC3 HQ H.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Transformers 3 Dark Of The Moon TS AC3 CUSTOM DVDR - IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Unstoppable (2010) DVDRip.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Harry Potter And The Deathly Hallows Part 1 TS XViD - IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\2012 Ice Age 2011 DVDRip Xvid AC3-Freebee.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Zindagi Na Milegi Dobara 2011 Hindi Pre-DVDRip XviD E-SuB xRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Fast Five 2011 PPVRIP IFLIX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Murder 2 2011 Hindi Pre-DVDRip XviD E-SuB xRG.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Chronicles of Narnia 3 (2010) DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Chillar Party - DVDRip - XviD - 1CDRip - [DDR].avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Kings.Speech.2010.DVDSCR.XviD.AC3-NYDIC.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Transformers 2 Revenge Of The Fallen DVDRip XviD-MAX.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Fast.and.Furious.5.Rio.Heist.2011.NEW.HQ.VIDEO.TS.XviD.AC3.Hive-.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Horrible Bosses 2011 CAM READNFO XViD - IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Little Fockers DVDRip XviD-DEFACED.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Green.Lantern.2011.TS.XViD-IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Kill the Irishman 2011 DVDRip AC3 XviD-CM8.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\YellowBrickRoad.2010.DVDRiP.XviD-UNVEiL.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Thor 2011 TS READNFO XViD - IMAGiNE [NO RAR].avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Beastly 2011 DVDRip XviD AC3-BeFRee.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Battle Los Angeles 2011 R5 XViD-IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Rango 2011 EXTENDED DVDRip XviD-EXViD.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Orgasm Diaries 2010 DVDRip Xvid UnKnOwN.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Jackass 3.5 (2011) DVDRip XviD-EXViD.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Green Lantern 2011 TS XViD-IMAGiNE.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The.Rite.DVDRip.XviD-ARROW.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\5 Days of War 2011 DVDRip AC3 XViD-EP1C.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Mechanic DVDRip XviD-ARROW.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Hanna 2011 R5 LiNE AC3 XViD-EP1C.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\The Mechanic (2011) XVid.AC3.avi English.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\X-Men.First.Class.2011.TS.V2.XViD-EP1C.avi.pif
  • %TEMP%\647970497E82693F73\PELICULAS\Pirates of the Caribbean 4 2011 XViD- MEM [ENG AUDIO].avi.pif
Sets the 'hidden' attribute to the following files:
  • <Drive name for removable media>:\4E6EA4113245613F6F41\5C664F493D7A993F79.exe
  • <Drive name for removable media>:\autorun.inf
  • <Drive name for removable media>:\4E6EA4113245613F6F41\S-1-3-01-4631041401--255085063-464015834-1505\27263F61283F656E3F.exe
  • <Drive name for removable media>:\4E6EA4113245613F6F41\Desktop.ini
  • <Drive name for removable media>:\4E6EA4113245613F6F41\S-1-3-01-4631041401--255085063-464015834-1505\Desktop.ini
Deletes the following files:
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\buscaid[1]
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\okaysearch[1]
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\buscaid[1]
  • <DRIVERS>\etc\hosts
  • <SYSTEM32>\Restore\MachineGuid.txt
Substitutes the HOSTS file.
Network activity:
Connects to:
  • 'www.bu##aid.com':80
  • 'www.ok###earch.com':80
  • 'cl###.#s1.dnsdynnet.com':80
  • 'localhost':1043
TCP:
HTTP GET requests:
  • www.bu##aid.com/?sm#
  • www.bu##aid.com/?af#
  • www.bu##aid.com/?cl#
  • www.bu##aid.com/?xt##
  • www.ok###earch.com/?ad####
  • www.bu##aid.com/?pu#
  • www.bu##aid.com/?ds#
  • www.bu##aid.com/?mt#
  • www.bu##aid.com/?ad#
  • cl###.#s1.dnsdynnet.com/
  • www.bu##aid.com/?xt#
  • www.bu##aid.com/?ms#
  • www.bu##aid.com/?hm#
  • www.bu##aid.com/?co#
UDP:
  • DNS ASK www.bu##aid.com
  • DNS ASK www.ok###earch.com
  • DNS ASK cl###.#s1.dnsdynnet.com
  • DNS ASK wh##.amung.us
Miscellaneous:
Searches for the following windows:
  • ClassName: '(null)' WindowName: '(null)'
  • ClassName: 'IMWindowClass' WindowName: '(null)'
  • ClassName: 'CConvWndBase' WindowName: '(null)'
  • ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
  • ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play