Exterminate It! Antimalware

malpedia

Known threats:700,085 Last Update:March 01, 12:55

Testimonials

WOW!

Real people who answer queries within an hour!

Please don't get bought out by some large, impersonal company. Your customer service is amazing.

I am recommending your product to everyone I meet.

Ainsley

Matcash- Registry Values List

This is a complete list of Matcash registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with the Matcash - trojan,adware,downloader.

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D29332016DC76C5C01F37D84BBFD566D55F8540B30A647BA9CC625102CCE7003
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
  • [HKEY_CURRENT_USER\software\microsoft\internet explorer\new windows\allow]*.starsdoor.com=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]ipwins=[%PROGRAM_FILES%]\Ipwindows\ipwins.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]words=[%APPDATA%]\words\words.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]winpop=[%PROGRAM_FILES%]\WinPop\winpop.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]wintouch=[%APPDATA%]\WinTouch\WinTouch.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832213329D26033AAC
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]winable=[%PROGRAM_FILES%]\WinAble\winable.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]insider=[%PROGRAM_FILES%]\Insider\Insider.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Twain=[%APPDATA%]\Twain\Twain.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JavaCore=[%PROGRAM_FILES%]\JavaCore\JavaCore.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B66389E394661AA4EBD86D67C5638C37C1232F30EFC9FD6764B63857F0734AC53B684D67C5767856B092FE642BC9CC7774C76846E132CA758BE9DC57B477184690536A057B286D63C526ADB284534F310FFC29F220E318B2B092EAD1B90C8EF456B4CEF4731119553B686D276527799385672FA16E0DCD66A47
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SpeedRunner=[%APPDATA%]\SpeedRunner\SpeedRunner.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Svconr=[%PROGRAM_FILES%]\Svconr\Svconr.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]svconr=[%PROGRAM_FILES%]\Svconr\Svconr.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E902BC9ED7286138F75F2F0C8D6E84A1EF7F506DCD610837FC16E1DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu32.exe 61A847B5BBF72811308B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]getmodule31=[%PROGRAM_FILES%]\GetModule\GetModule31.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD8784200C67D36D
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu333.exe 61A847B5BBF728113198284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\scjwaru.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373FD13E0DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu2000206.exe 61A847B5BBF72810329B385472FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5170E744AB97
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunDisabled]SpeedRunner=[%APPDATA%]\SpeedRunner\SpeedRunner.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu904.exe 61A847B5BBF7281B329F284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu1000520.exe 61A847B5BBF72813329B385370F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D29332022288670A26F362E9AEE45B6C46E45F351EBB44A793D76257339B385677FB11FD97CB77
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\nepoflqj.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2933202228B284662E902BC9ED7286138F75F2F0C8D6E84A1EF7F506DCD610837F810FD97CB77
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]words=[%PROGRAM_FILES%]\Words\Words.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\wvwhpc.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD325762E901F09DDF7618419154310B87659CA5E04E4F70C46E0F2CBC10E6C1863C477ACE
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]Twain=[%APPDATA%]\Twain\Twain.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu911.exe 61A847B5BBF7281B339A284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E24628169510E4A2FB7D4E6FCE7B5F73F80FB68AD6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]SpeedRunner=[%APPDATA%]\SpeedRunner\SpeedRunner.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD87822212329A38506CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72810339D38466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SpeedRunner=[%SVC_SYS_APPDATA%]\SpeedRunner\SpeedRunner.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1864.exe 61A847B5BBF728133A9D3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2933202228B284662E901F09DDF76184191542B079A7286A2EF7F506DCD610837FE13FD97CB77
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF728133B9C3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72813329C3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Twain=[%SVC_SYS_APPDATA%]\Twain\Twain.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MapEDC=[%PROGRAM_FILES%]\MapEDC\MapEDC.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu2000386.exe 61A847B5BBF72810329B38557AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E77DB6C0736AC53FD97CB770221C46402788A1B8FA5FA5C664DFC5B3A30AC55B296C36710329B38557AFF0FB68AD6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1589.exe 61A847B5BBF72813379331466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\rayiou.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu1000627.exe 61A847B5BBF72813329B385070FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832214309C26033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\tsitra420.exe 61A847B5BBF72816309B284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D29332022288670A26F362E9AEE45B6C46E45F351EBB44A793D762573699384827B144
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF7281331993C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\tsitra11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2933202228B28452DA545E9B1894E754BE54C29159A7DA781DA6650639A394827B144
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD325762E901F3D2933202228B284662E902BC9ED7286738F75F2F0C8D6E84A1EF7F506DCD610837F817EBCA9D775A67
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Sakora=[%PROGRAM_FILES%]\Sakora\Sakora.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=kl
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\gecslr.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\bogus
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\bbwwfivl.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72816379B284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF7281337923F466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF7281033923C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\umhsiwp.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72810309E39466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D293320221C46402788A1B8FA5DA7C466DDC7B3A2FBB4EB59BDD6713329B385772FF0FB68AD6
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\lkbomtt.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nvcoi=[%PROGRAM_FILES%]\nvcoi\nvcoi.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762E901F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C38B2A0C67D36D
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1688.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu420.exe 61A847B5BBF72816309B284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D29332016DC76C5C01F37D84BBFD566D55F8541427BD40B782C6261032856D1E27
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF72810319F3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback.exe 61A847B5BBF728113399284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback1974.exe 61A847B5BBF728133B9C3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback1688.exe 61a847b5bbf72813349330466188719ab689201522886b092cbd44bd8689220221dd3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\faceback2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000344.exe 61A847B5BBF72813329B385576FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C28323133A9D26033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1688.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF96895A185EFC412806867680AEDE604D64C2661373FF19EBDCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu922.exe 61A847B5BBF7281B3099284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3A516CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373FC12E6DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EE323A15806F97BDE4417E6FD967002BA754E2C28323133A9D26033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F09DDF7618419154310B87659CA5E04E4F70C46E0F2CBC16E1DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213329D26033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC610826A656A0AEDE604D64C2661373F819EBDCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2933202228B28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE39576CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1868.exe 61A847B5BBF728133A9D30466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu1002397.exe 61A847B5BBF72813329B3A557BFE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1974.exe 61A847B5BBF728133B9C3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F546CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728FC384426A4DE7452311FC16E1DCF64A67
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\obacott.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1002397.exe 61A847B5BBF72813329B3A557BFE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\olkyqi.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762E902BC9ED7286138F75F2F0C8D6E84A1EF7F506DCD610837F810EBCA9D775A67
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\mnsmkqn.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2907D4E66914B5C1E9E689DB6FC45715EC67A0924A04FA6C3832212339B3E4827B144
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2907D4E66914B5C1E9E689DB6FC45715EC67A0924A04FA6C383221333933E4827B144
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1921.exe 61A847B5BBF728133B9939466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1895.exe 61A847B5BBF728133A923D466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F118E6DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1554.exe 61A847B5BBF72813379E3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000344.exe 61A847B5BBF72813329B385576FD01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832211369F26033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu801.exe 61A847B5BBF7281A329A284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662EA4EBF968951185EFC412806867680AEDE604D64C2661377FE13FD97CB77
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD325762E901F3D29332022288670A26F362E9AEE45B6C46E45F351EA453BC94DA7C57339F3A556CAC59B6
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\nsnyf.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A284662E902BC9ED7286138F75F2F0C8D6E84A1EF604776CA6C1637FE16FD97CB77
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213319C26033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1645.exe 61A847B5BBF72813349F3D466188719AB689201522886B092CBD44BD8689220221DD325700E902BC9ED7286138F75F0F2CAD4EA481EF7F506DCD610837F817E7C79D775A67
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD87822212329A3B516CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662EA4EBF968951185EFC412806867680AEDE604D64C2661373F80FB68AD6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu860.exe 61A847B5BBF7281A349B284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD878B24122CCE7003
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]sfkg6w=[%APPDATA%]\Microsoft\Windows\hiorgyj.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]runner1=[%WINDOWS%]\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_CURRENT_USER\software\microsoft\internet explorer\new windows\allow] *.starsdoor.com=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] insider=[%PROGRAM_FILES%]\Insider\Insider.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] IpWins=[%PROGRAM_FILES%]\Ipwindows\ipwins.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] winable=[%PROGRAM_FILES%]\WinAble\winable.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] winpop=[%PROGRAM_FILES%]\WinPop\winpop.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] winpop=\WinPop\winpop.exe
  • [HKEY_CURRENT_USER\software\winable] remove=ok
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEC1775663CF781373F915E7DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F915E7DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu450.exe 61A847B5BBF72816379B284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E7C7833C477ACE
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E901F09DDF7618419154310B87659CA5E04E4F70C46E0F2CBC14E4C09D775A67
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F546CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA781DA6650639C3F4827B144
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu801.exe 61A847B5BBF7281A329A284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\mrofinu922.exe 61A847B5BBF7281B3099284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832213329D26033AAC
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] runner1=[%WINDOWS%]\retadpu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E50EE5C27069974E2C2832210359926231A8C
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu1000627.exe 61A847B5BBF72813329B385070FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2907D4E66914B5C1E9E689DB6FC45715ED96D1223AD51A6C383221234993F4827B144
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284661A64DB7C8F0287E55E246220D9E728F80D6664366DB7D5773E744AB97
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F09DDF7618419154310B87659CA5E04E5067DF690232BC10E2DCD66A47
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2907D4E66914B5C1E9E689DB6FC45715ED96D1223AD51A6C3823C477ACE
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832211379926033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu2000400.exe 61A847B5BBF72810329B385272F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832216329B26033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu312.exe 61A847B5BBF728113399284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E715BF85C230F957983A2EF604776CA6C1637FE13FD97CB77
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F516CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu922.exe 61A847B5BBF7281B3099284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E76D8611230A810E3C283231234856D1E27
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\tsitra1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD3257
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\tsitra2000382.exe 61A847B5BBF72810329B38557AFB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E76D8611230A813E3C283211A30856D1E27
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\tsitra572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\tsitra572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F86C07B5670CA3D5170E744AB97
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\tsitra77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu1002300.exe 61A847B5BBF72813329B3A5572F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE39576CAC59B6
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu11.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu173.exe 61A847B5BBF728133598284503996897C881250221C8670836AC4FA7C8833201749139
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu2000180.exe 61A847B5BBF72810329B38577AF901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832211359826033AAC
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=[%WINDOWS%]\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
  • [HKEY_CURRENT_USER\software\classes\clsid\{2862b760-0af0-1033-0729-0529050001}] param1=(EMPTY)
  • [HKEY_CURRENT_USER\software\classes\clsid\{2862b760-0af0-1033-0729-0529050001}] param2=(EMPTY)
  • [HKEY_CURRENT_USER\software\classes\clsid\{2862b760-0af0-1033-0729-0529050001}] param3=(EMPTY)
  • [HKEY_CURRENT_USER\software\classes\clsid\{2862b760-0af0-1033-0729-0529050001}] param4=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] {1862b760-0aef-1033-1203-0503050001}=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] {1862b760-0af1-1033-1203-0503050001}=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] insider=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] ipwins=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] sfkg6w=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] winable=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] winpop=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] wintouch=(EMPTY)
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] words=(EMPTY)
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] runner1=(EMPTY)
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] {1862b760-0a21-1033-0729-0529050001}=(EMPTY)