HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TOY5KNQ8OC" = C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hm1.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS\Parameters "ServiceDll" = [REG_EXPAND_SZ, value: C:\WINDOWS\system32\sshnas21.dll]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp ""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "ContentType"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "TemplateUrl"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Desktop Search\Previewers\Extension\.cpp "ScriptOk"

HKEY_CURRENT_USER\Software\TOY5KNQ8OC "Hr0" = tSLPLpWL7R22spR48AI743bz2Kge8sERw0qmuz25hgohx8cxtNMwr8rBWqitGUb/zraVBDDj5hLpEwYXNxEcPXZ9sJFaDKKtXmxIvCsKfL3BUK2YmKdwy0wP+mREmBu3qeV4TyHp6lc/8xIj6ehCR1T2ygeXbopFSi+wcuZzVX7WEc60vs/gvM40+JErmIzaB2QhZba725R1sr2kOfmVOMnMlPUv0JruzRQ9mA==

\Device\Tcp

\Device\Ip

\Device\Ip

\Device\Tcp6

\Device\RasAcd

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Open File: \\.\SICE (OPEN_EXISTING)

Open File: \\.\NTICE (OPEN_EXISTING)

Open File: \\.\SIWVIDSTART (OPEN_EXISTING)

Open File: \\.\VMDRV (OPEN_EXISTING)

Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)

http://66.199.229.230/bbgfvdfv.php?data=v26MmjSySdemXz907AUYROBra+ftI9M9b4xfTXYnLRkHCVTSihWLzGqhA0jEdVaN1M6V6shGcAiBMF4QEH bzbYSRtufQpaX/NPttvu7rkw== (workartsstudio.com) 

http://64.20.38.251/logos/2aac1e812a13a04cf10ec85187f31ca7b22154fc7b77b63fec5e37e6648b5f8a317d04508db39388c/64d84457f3e/logo.gif (homeartscenter.com) 

http://94.75.228.24/werber/34f8b457d37/217.gif (multiartshouse.com) 

http://69.10.35.253/perce/9acc6e112a53a02cf1fef83147c3fc073291b47c8b77c66ffccea7e6e42baf7ae11d94007d4333783/24a874f7a37/qwerce.gif (tangoartsshow.com)

http://208.43.125.180/oms.php (yourgot.com)

http://66.197.161.246/resolution.php (motorolam.com) 

http://66.197.161.247/borders.php (easyaw.com)