Detected by McAfee as RDN/Generic.dx and by Malwarebytes as Trojan.Agent.AI. Note - this is not the legitimate Acer eRecovery file of the same name which is normally located in %Windir%. This one is located in %AppData%\LaunchApp

Detected by Symantec as W32.Kwbot.R.Worm. Note that the first "l" is a lower case "L" and not an upper case "i"

Detected by McAfee as RDN/Generic.bfr!hp and by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "aply4.exe" (which is located in %AppData%\play3) and also adds an illegal HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" entry pointing to the same file

Detected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "app.exe" (which is located in %AppData%)

Detected by Malwarebytes as Backdoor.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "aqs.exe" (which is located in %Windir%\web, see here)

Detected by Dr.Web as Trojan.DownLoader9.49791 and by Malwarebytes as Trojan.Agent.E

Detected by Malwarebytes as Backdoor.Agent.AF. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "ApplicationFrameHost.exe" (which is located in %AppData%\ApplicationFrameHost)

Detected by Malwarebytes as Trojan.Injector.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "appzzh.exe" (which is located in %AppData%)

Detected by Symantec as Backdoor.Cabro. Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll

Detected by Malwarebytes as Trojan.Injector.MSIL. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "asdf.exe" (which is located in %Temp%\adad, see here)

Detected by Malwarebytes as Trojan.Agent. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "arbt.exe" (which is located in %CommonAppData%\Temp)

Detected by Malwarebytes as Trojan.Injector.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "AudoDriver.exe" (which is located in %AppData%\AudioDriver)

Detected by Malwarebytes as Backdoor.Agent.BDB. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "AudioDriver.exe" (which is located in %AppData%\Microsoft\Speech)

Detected by Dr.Web as Trojan.DownLoader10.25966 and by Malwarebytes as Trojan.Agent.DR

Detected by Malwarebytes as Backdoor.Agent.E. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "audiollc.exe" (which is located in %UserTemp%\audiollc)

Detected by Malwarebytes as Trojan.Injector. Note - this entry modifies the legitimate HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" value data to include the file "Audio.exe" (which is located in %AppData%\Audio)

Detected by Malwarebytes as Backdoor.Litmus. The file is located in %Windir%\litmus

Detected by Symantec as W32.Gibe@mm

Detected by McAfee as Downloader-CJD