by ?
Released in November 2007
Made in China
Dropped Files: c:\autorun.inf Size: 169 bytes c:\pyxefde.exe Size: 27,361 bytes c:\Program Files\meex.exe Size: 27,361 bytes c:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe Size: 27,361 bytes c:\Program Files\Common Files\Microsoft Shared\ghrmbva.inf Size: 169 bytes c:\Program Files\Common Files\System\dosxame.exe Size: 27,361 bytes c:\Program Files\Common Files\System\ghrmbva.inf Size: 169 bytes Added to Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "C:\Documents and Settings\Kobayashi\Desktop\xzz.exe" Data: xzz HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ghrmbva" Data: C:\Program Files\Common Files\System\dosxame.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "pyxefde" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe "Debugger" Data: C:\Program Files\Common Files\Microsoft Shared\drtwpbx.exe Tested on Windows XP November 13, 2008MegaSecurity