Top 10 Alerts

Top 100 Alerts List ...

Latest 10 Malware Files

Latest Files List ...

Testimonials

You guys are freakin' awesome, love the program, love the personalized service, and my pc loves it too :D

Justin S.

More ...

AutoRun Registry Values

Scan your Windows registry for AutoRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Msn Messsenger=[%SYSTEM%]\regsvr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Administrator1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Administrator1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System Service=[%PROFILE_TEMP%]\Service.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, sys=[%FONTS%]\Fonts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%WINDOWS%]\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%WINDOWS%]\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG214-K641-12SF-N85P=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WindowsUpd_=[%APPDATA%]\WindowsUpd_.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\cypressike1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4656932972-3380438997-922002924-8898\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ef25=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path=%SystemRoot%\system32\wbem\cache\files\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, psysnew=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSN Messengger=[%SYSTEM%]\MsRun32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MsServer=msfun80.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, autoMe=wscript.exe "[%WINDOWS%]\janka.vbs"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, autoMe1=wscript.exe "[%WINDOWS%]\janka.vbs"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSN Messengger=[%SYSTEM%]\SVRCHOST.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinC=[%PROFILE_TEMP%]\dovq~.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Msn Messsenger=[%APPDATA%]\regsvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avsp=[%SYSTEM%]\avsp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run, Wks=wdisvcwks.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7570904111-5350020452-890718353-2699\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3084929914-6617073746-768019922-4397\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Flash_Player.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RunVer=[%SYSTEM%]\RunVer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path=SorryKamba
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\MultiConecTT1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\MultiConecTT1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\vfbu.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cfmmon.exe=[%APPDATA%]\Firewall Host\cfmmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System=[%PROFILE%]\Music\lst.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ????????.exe=[%SYSTEM%]\winlog0n.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\svchost.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8477143001-8410586989-324282359-2602\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8477143001-8410586989-324282359-2602\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysdll=SYSDLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, load=[%PROFILE_TEMP%]\svchost.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, run=[%PROFILE_TEMP%]\svchost.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKey=[%PROFILE%]\Templates\cache\SFCsrvc.pif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKey=[%PROFILE%]\Templates\cache\SFCsrvc.pif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, User Agent=[%SYSTEM%]\fdisk.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 74BE16=[%SYSTEM%]\ACF7EF\74BE16.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\WinDef.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, nuoiv=[%PROFILE%]\nuoiv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WindowsCMD="[%SYSTEM%]\intlj.exe" primary
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, windll=[%SYSTEM%]\msofficeupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, autoMe=wscript.exe "[%WINDOWS%]\solution.vbs"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Runonce=[%WINDOWS%]\CSRSS.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, nar=[%WINDOWS%]\nar.vbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Explorer=[%WINDOWS%]\Windows Explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dIlhost.exe=[%SYSTEM%]\dIlhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Hafidz1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Hafidz1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\62381\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\62381\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SafeSys=[%PROGRAM_FILES_COMMON%]\SafeSys.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path2=SorryKamba
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path3=SorryKamba
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path4=SorryKamba
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path7=SorryKamba
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path8=%SystemRoot%\system32\oobe\rule8\files\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\cbdt1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\cbdt1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HLServ=__HLServ.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, kapef=[%PROFILE%]\kapef.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SYS1=[%WINDOWS%]\scvost.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Keyboard=[%COMMON_APPDATA%]\Fearghus\lsass.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, USB2.0=[%COMMON_APPDATA%]\Microsoft\USB2.0\usb-hi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, zvb0dl2X8tt=[%SYSTEM%]\NVUKZ.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 9UmxQPSiTJMbA=[%SYSTEM%]\NVUKZ.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Intel Management Services v32=[%COMMON_APPDATA%]\mplf\mstime32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, [%PROFILE_TEMP%]\Ev~NeN^e.eXe=[%PROFILE_TEMP%]\Ev~NeN^e.eXe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6634858053-3196226337-658081517-4321\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6451099801-8198586803-221629678-3033\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0442966719-9583257122-844698271-4402\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3129298065-1632091547-523654763-7810\sysdate.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3622990248-5102188806-514229241-9141\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9654125113-5504296567-823903868-3940\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6440273439-0859995262-916026053-0177\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, kswor50y=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9850\kswor50y.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, kswor98y=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9813\kswor98y.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, k344m122y=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0122\k344m122y.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, kswor18y=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1858\kswor18y.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path2=%SystemRoot%\system32\usmt\check\files\smss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Windows Defender\wuauclt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\prashant1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\prashant1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cfmmon.exe=[%APPDATA%]\Firewall Loader\cfmmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Messengger=[%SYSTEM%]\ .exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6771670224-6610384092-733603213-8514\djwi2kcew.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\user1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\HR1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, csrss.exe=[%WINDOWS%]\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lsasss=c:\lsasss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4430096264-6109992907-650173820-5200\MsMxEng.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2378323990-4274936923-861691247-7008\MsMxEng.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3484789620-4328522603-815492096-9282\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 13CFG914-K641-26SF-N31P=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7544242169-3479224323-820021279-9311\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, autoMe=wscript.exe "[%WINDOWS%]\jargon.vbs"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Windows.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\dcse1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\afgds6.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fvbk=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8333\lsvb.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sdjwe=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fgfk=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8763\lsq.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 39654E=[%SYSTEM%]\8B626D\39654E.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2253073870-8548775339-584437934-0566\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4813152647-3751905853-490871595-6179\nvapbar.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3260056462-9344003603-624223121-1612\nvapbar.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2099945046-5738775194-908884198-3464\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9943960642-9727318602-821542634-0574\sysdate.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1095445524-2582389845-271334324-1496\sysdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\eye.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windowsmp=[%WINDOWS%]\windowsmp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Administrador1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Administrador1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\adelicia1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\adelicia1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6064435545-9180648789-311263809-5124\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\zabrana.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3135339636-1942884308-694751876-8290\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7424688659-2447076502-940480173-3193\winmap.exe,explorer.exe,[%APPDATA%]\oekx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Avatar.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\USUARIO1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\WinDefender.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, mswin32=[%SYSTEM%]\wbem\mswin32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fredg Application=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fredg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\psci1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5424094772-4640992787-663011177-4985\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ef25=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4315499093-3692142166-115908691-4769\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\psci1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, games=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Sys32=[%SYSTEM%]\sys32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Windows Updates\Icrypt.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2092586037-6911112354-503406123-7944\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2092586037-6911112354-503406123-7944\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, gfewbd8=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8812\dgfew8.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\deposito1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MsServer=msfir80.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, harodin=[%PROFILE%]\tarantula\smss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6136959209-5519263840-002797264-1345\wingn.exe,explorer.exe,[%APPDATA%]\oekx.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dsfewwef=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9804\dsfewefw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, e6wef=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9667\ew6fw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\winsit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, dllcache32.exe=[%SYSTEM%]\dllcache32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System Service=[%WINDOWS%]\smss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4111376051-0080073529-579497531-1575\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8117675025-3433691942-497687655-0684\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0549915184-1566328445-707789417-4520\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9996697234-7408279946-648913035-2179\djwi2kcew.exe,explorer.exe,[%PROFILE%]\xvlof.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Acer1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Acer1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6573530591-3178597327-166685584-9013\hd1.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7916392007-0237217020-734568589-4360\sysdate.exe,Explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Crack.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6021970528-9728735590-393742369-9514\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, msdll=[%WINDOWS%]\ms1dll0.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, mssky=www.dzaier.sitew.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\noviup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\lenovo1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\lenovo1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4745375246-2159525285-802066923-2520\sysdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, CD8091=[%SYSTEM%]\4B3C99\CD8091.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SYS1=[%SYSTEM%]\explorar.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NoooH=[%WINDOWS%]\Web\Sys.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Agent=[%SYSTEM%]\SVCH0ST.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\iexplore.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5808700699-1833870978-923683809-5326\sysdate.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4093396436-7640784010-192683177-8198\yv8g67.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\csrss.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4175320340-6346387623-660111909-7877\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0467868635-7802842669-547381986-3770\wmiprvse.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\6Z7YB7UHBJ.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Sunil1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Sunil1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3541824972-3849623380-172361224-8479\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, rundll.exe=[%APPDATA%]\Microsoft\Protect\Credentialsrundll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\2JT4PMS1VJ.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\reform1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, DirLock=[%COMMON_APPDATA%]\Lambda\DirLock.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LSAgent=[%WINDOWS%]\lsass.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\user1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Sys32=[%WINDOWS%]\Sys32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Setup.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKey=[%PROFILE%]\Templates\cache\vmx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKey=[%PROFILE%]\Templates\cache\vmx.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG214-K641-12SF-N85P=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fvbk=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8333\lsvb.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sdjwe=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fgfk=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8763\lsq.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\zdrvj.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7118688058-7086015904-421926865-5065\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, k344m093y=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0318\k344m093y.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cfmmon.exe=[%SYSTEM%]\cfmmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5096732809-2315711227-115817231-3206\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, load=[%WINDOWS%]\Temp\svchost.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, run=[%WINDOWS%]\Temp\svchost.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Sys-Boot=[%WINDOWS%]\Win-boot.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\msmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\S4crypt.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4100553563-5403779229-985727038-4188\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Swhst=[%APPDATA%]\Bc\swhst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Jatinder1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Jatinder1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\94FIPSO49G.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, csrss.exe=[%APPDATA%]\Microsoft\System\Services\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9460859975-2267562096-579004532-4142\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9397145471-0880460928-179902688-7485\vhg32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3950823886-2049487169-434703155-9954\vhg32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5823884273-5106467360-767699010-6523\vhg32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8248330916-6057091509-667102699-6237\vhg32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\raj1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1857069447-0700819625-319994175-1447\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Tjpp1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Tjii321=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Tjpp2=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, psysnew3=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, psuu4=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Abhi1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, MSConfig=[%SYSTEM%]\Uninstalled\lssas.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4188684026-0838497253-189562422-9585\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8472835062-9413791919-407252659-9038\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4556016757-0504133993-752257187-5504\sysdate.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, autoMe=wscript.exe "[%WINDOWS%]\auto.vbs"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, mlh=[%PROGRAM_FILES%]\system32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2762136541-1258840622-640780994-3132\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\28,6.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\recyclebin.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1875419723-5027042842-566171015-6430\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1875419723-5027042842-566171015-6430\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, .Net Recovery=rundll32.exe dotnetfx.dll,repair
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\YEOHPV4PQ2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\cryptme.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\administrator1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\FUD.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\divesh1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3276719503-3965872728-023465141-3215\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6126173227-2247194483-389529585-1040\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\DANIEL1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\winnit.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4336412889-5381852382-305289001-9198\djwi2kcew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5873783877-3480147151-331789497-6600\hdnekbjk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, MSN=msnmsg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, guefae=[%PROFILE%]\guefae.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fredg Application=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader 9.0=[%SYSTEM%]\wscript.exe /E:vbs [%SYSTEM%]\baseWINDOWS.db
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, baseWINDOWS=[%SYSTEM%]\wscript.exe /E:vbs [%SYSTEM%]\baseWINDOWS.db
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\aegvvp.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0022008802-9087943312-376222437-0359\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8338620103-9262886854-789221654-0596\djwi2kcew.exe,[%PROFILE%]\cbzvl.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Admin1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Admin1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SystemHealth=[%WINDOWS%]\inf\ssvhost.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, rundll.exe=[%APPDATA%]\Microsoft\Protect\Credentials\rundll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4336412889-5381852382-305289001-9198\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7789863834-9828674450-518433915-8567\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4575829896-5119953697-279996231-7823\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9100245639-2766109794-309634178-1924\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8774379281-0261550612-206938900-6271\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\vijaya1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\Proyectista 61\winlogon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%PROGRAM_FILES%]\Windows Security\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%PROGRAM_FILES%]\Windows Security\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, гМбПМПнП.exe=[%SYSTEM%]\winlog0n.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\winprocess.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, csrss.exe=[%APPDATA%]\Microsoft\Protect\Credentials\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lsasss=[%SYSTEM_DRIVE%]\tempi\ctfmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, zoorfat=[%SYSTEM%]\zoorfat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%SYSTEM%]\config\systemprofile\MEENAKSHIMANI$1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9510388159-3084039153-708190938-9490\sysdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RawOs=wscript.exe "[%WINDOWS%]\sowar.vbs"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\update.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, nnmb4w=[%PROFILE_TEMP%]\fisnmn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, Punisher_Keyboard=Rundll32.exe Keyboard,Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, Punisher_Mouse=Rundll32.exe Mouse,Disable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, psysnew3="[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6257296027-8714911280-358691928-0639\wnzip32.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9220779092-5769945080-999518337-6865\msdrive.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7874283584-5632708795-863588249-1423\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\gfernandez1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\gfernandez1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 13CFG914-K641-26SF-N33P=C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse66.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG914-K641-26SF-N31P=C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\svchosts3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SystemWindows=[%PROGRAM_FILES%]\windows nt\accessories\microsoftoperating.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4432294970-3068740650-667280341-4782\sysdate.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4928506644-1798542132-238887328-8528\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7083989476-3753703730-181115836-4385\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, sys=C:\WINDOWS\Fonts\Fonts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\webcam.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6199368305-8059189051-034847206-2089\nissan.exe,Explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1247800944-6956602770-689366427-6288\winmap.exe,explorer.exe,[%APPDATA%]\oekx.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Abhinandan1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9637108988-2906859963-288557312-2146\djwi2kcew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6781448970-3271453653-662040985-9878\djwi2kcew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, sys=[%SYSTEM_DRIVE%]\WINDOWS\Fonts\Fonts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\2U5Q4ELZKL.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, dllcache32.exe=[%COMMON_APPDATA%]\dllcache32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\Hector Reyes1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7736467091-4077209860-754494588-4529\nissan.exe,explorer.exe,[%APPDATA%]\ufxw.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7335217535-2205630708-219691571-9834\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7553186579-5454013166-277712563-1526\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8854602354-1332089010-351773753-9471\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKey=[%SYSTEM_DRIVE%]\Documents and Settings\fadi\Templates\cache\SFCsrvc.pif
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3420641781-3621991996-438334829-9051\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6937011763-6239973458-573012947-4329\sysdate.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Defender.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\rupayan1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Ramos1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\Administrador1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9037632272-1774773583-478565624-4850\djwi2kcew.exe,EXPLORER.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9037632272-1774773583-478565624-4850\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\bit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4793449270-5773246376-672280317-9823\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\nsvb.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8389584357-1825667600-119199823-1538\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7841446192-3569021122-976635390-2390\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0430928179-7469647189-369733129-4287\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Intelprc=[%WINDOWS%]\Aas3lovu.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Network=[%WINDOWS%]\netwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7007677189-2139711601-959607563-0618\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9422330679-9732461760-898174875-7734\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cfmmon.exe="[%APPDATA%]\Firewall Host\cfmmon.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\bpower1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\bpower1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0306297226-4974461135-597592186-6007\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3382108605-1194543950-084788691-4758\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5117864273-9411990563-020769465-8427\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7287645112-7281512922-278689564-1600\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5270020574-4771004824-144778778-3404\djwi2kcew.exe,[%PROFILE%]\fswagz.exe,[%PROFILE%]\fxmdk.exe,explorer.exe,[%PROFILE%]\cbzvl.exe,
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3154562417-2577044848-658586654-1935\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2209540489-5801748753-833933252-2977\winmap32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3030266914-1482978515-125438193-1839\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6116498701-6061460051-080119816-1457\djwi2kcew.exe,explorer.exe,[%PROFILE%]\xvlof.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5847127742-5834738732-454597338-8560\djwi2kcew.exe,[%PROFILE%]\xvlof.exe,[%PROFILE%]\aegvvp.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9986220397-0641625635-001442307-2913\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5509056308-2357457921-300031492-9085\djwi2kcew.exe,[%PROFILE%]\xvlof.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5509056308-2357457921-300031492-9085\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lsasss=[%SYSTEM_DRIVE%]\tempi\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\jan1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6138524426-6843720507-693125842-8272\wingn.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG914-K641-26SF-N32P=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msn.exe=[%SYSTEM%]\msn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\xvlof.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6737795856-2340736309-100023081-4871\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path4=%SystemRoot%\system32\oobe\rule\files\smss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, serv=[%WINDOWS%]\system\SYS.VBS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6183929819-1212461539-774395820-4208\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKey=[%SYSTEM_DRIVE%]\Documents and Settings\1\Templates\cache\SFCsrvc.pif
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Update=[%PROFILE_TEMP%]\win_update.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\torrent1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\test.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8538996218-2512337996-237871602-6972\windll.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9029909611-6390193929-038354850-2613\MsMxEng.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1036262335-5883988805-668215170-2047\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\girisha1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\girisha1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Jesus1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Jesus1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\lssasPEnon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msn.exe=[%SYSTEM_DRIVE%]\program-files\Msn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3609061063-7411475352-524363579-8365\djwi2kcew.exe,[%PROFILE%]\fxmdk.exe,[%PROFILE%]\fswagz.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4614650777-1492137433-324716078-9938\djwi2kcew.exe,explorer.exe,[%PROFILE%]\xvlof.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0028029186-3215219097-081022377-2965\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4654627236-3692312231-249312577-8993\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2441634494-7656678730-702769918-5335\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2942431861-9098972177-153579055-2558\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\tehseen.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\SH-1-5-21877831-88379-708-1455\chromeez.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1897995271-7024101566-978124709-3874\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresd.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7580284197-6956731406-600505308-3469\MsMxEng.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, lsass.exe=[%APPDATA%]\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WindowsCMD="[%SYSTEM%]\icardresm.exe" primary
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\eula.1028\PMUPAWAY6X.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, jajfwta=[%PROGRAM_FILES_COMMON%]\Microsoft Shared\cpbgrwr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, qvjehve=[%PROGRAM_FILES_COMMON%]\System\viuvpfn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\juan daniel1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\juan daniel1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\EYRAOGE08U.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1208035611-3512508506-522438274-2058\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2827671478-4759408072-835055486-5008\djwi2kcew.exe,[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5691960225-5149830034-380255735-8567\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2827671478-4759408072-835055486-5008\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Allisson1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5287539867-5675258124-428388765-9058\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6382662093-9843635846-826257824-5498\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresd.exe,explorer.exe,[%PROFILE%]\fxmdk.exe,Explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3466896797-3164861088-951377250-8690\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6191325356-0605271823-329792259-4883\djwi2kcew.exe,[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\Documents and and,[%SYSTEM_DRIVE%]\Documents Settings\mirsija.djordjevic\fxmdk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9049248099-2944154955-153553673-8880\winmap32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\xvlof.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4614650777-1492137433-324716078-9938\djwi2kcew.exe,[%PROFILE%]\fswagz.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0969894099-7567251589-354230592-4815\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8158223164-6753863214-058694931-8646\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\SH-1-5-21877831-88379-708-1455\chromeez.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresd.exe,[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3862402997-5727244191-253179564-5855\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3862402997-5727244191-253179564-5855\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8986529355-5051208742-752578201-9676\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4631655878-0387994723-713200266-4330\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8095048124-6123322080-565426581-2363\sysdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1473395092-3096611021-806401740-1381\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9375054912-8128847082-958567805-5421\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\SVLTJ0NANK.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1329657533-7264211041-016518290-4210\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Windows Update Client=[%WINDOWS%]\services.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5592990605-6702519542-690738046-5502\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2654030974-1054347858-219504628-0463\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Java.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\ABZA8VQ323.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%SYSTEM_DRIVE%]\Documents and Settings\administrator.QCT-IT-BATCHING.000\administrator1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\batchingp1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7930281048-7091771975-270758577-5280\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\USUARIO1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4988950445-8918149784-356941983-3297\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AASSKK2=[%LOCAL_APPDATA%]\LSASS.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, ctfmon="[%LOCAL_APPDATA%]\usnscv.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\I67QWWEX3D.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2840420408-9989887287-063879232-9768\sysdate.exe,explorer.exe,K:\KAZAN\marijana.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, WinSecurity=[%WINDOWS%]\uninstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, FU=[%SYSTEM%]\FUvirus.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8985168307-0048414186-597407230-0349\sysdate.exe,[%PROFILE%]\ctfmon.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\FTNONG76FV.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1774098095-0560914135-370450305-8542\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8580511978-3946077655-725987644-1917\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\ctfmon.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4540825603-0041691519-395347513-3169\sysinfo.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8985168307-0048414186-597407230-0349\sysdate.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lsasss=C:\tempi\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\oekx.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6576379811-4545635923-503978666-2661\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, imapd="[%SYSTEM%]\imapd.exe" -at
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8571299513-5701107847-223166733-3170\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4657228839-4017672738-335094365-4384\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows, load=[%WINDOWS%]\winvdll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\sree1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8081829402-8131360726-850983968-8034\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5227636819-8086199019-045672308-7528\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\TOAAN1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\TOAAN1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\DQ8JZD910I.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\vijay1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\vijay1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System Lsass=[%WINDOWS%]\lsass.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8983465966-4657635726-754290507-4157\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7840005683-8605217685-874785818-0589\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9909022704-2820658211-826173252-1322\djwi2kcew.exe,[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9505944598-0320646483-884512699-2143\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\dfgdgdgexe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path7=%SystemRoot%\system32\oobe\rule7\files\lsass.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\winup.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4432179724-0401408296-728915675-1391\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7948424986-8047080574-443059982-3770\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1199046228-6758393388-573919408-4617\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1302248261-4631980506-181598728-7265\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0586452845-7529588677-876259169-1298\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1117286307-0162840749-399841066-2917\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9087496940-2034933224-672583087-7076\djwi2kcew.exe,[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7606985388-9903699395-061339376-7190\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1199046228-6758393388-573919408-4617\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSN=[%SYSTEM%]\Windirs32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, rundll.exe=[%PROFILE_TEMP%]\rundll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\back6,5.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, csrss.exe=[%PROFILE%]\AppData\Roaming\Microsoft\System\Services\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\NV6S9YUEPN.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cuebud=[%PROFILE%]\cuebud.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9005040261-2249624706-584880216-2001\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2102340439-7357676895-491292248-7827\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2102340439-7357676895-491292248-7827\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\FTNNQ8V1TN.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Jayaramulu1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Jayaramulu1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\CPBR095BQI.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9025897620-6316828949-020707832-6232\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4309683625-0031360471-891718153-8399\djwi2kcew.exe,[%PROFILE%]\fxmdk.exe,[%PROFILE%]\ctfmon.exe,explorer.exe,[%APPDATA%]\juzjf.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9255828381-3834691703-674785952-5208\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%PROFILE_TEMP%]\local.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, SafeDrvee=[%PROGRAM_FILES_COMMON%]\SafeDrvee.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2952685975-1207034034-583901142-1722\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5999282600-4563453855-417483898-5004\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5873084067-0055361786-859292198-9895\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5595933804-4698875192-762671875-3635\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\gonzac231\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\gonzac231\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7164010852-6698114124-428626857-6436\djwi2kcew.exe,[%PROFILE%]\fswagz.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9874127608-4427166984-669335804-6562\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9579119541-7697848520-344411281-9993\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Sysupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\JONNY1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\JONNY1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5961101145-9082628077-334194018-1595\nissan.exe,J:\GICAN\PRASICAN.exe,explorer.exe,[%APPDATA%]\rljlz.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3104405137-3515271495-859759651-7213\nissan.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\INBOX 61\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2023217014-5929418221-224668301-7053\nissan.exe,Explorer.exen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1104774769-8524382298-816655525-9613\sysdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\abhi1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Administrateur1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Administrateur1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\GATEWAY SX28001\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5265832232-1769393947-471874649-1338\djwi2kcew.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lsasss=[%SYSTEM_DRIVE%]\lsasss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE_TEMP%]\958.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0344060896-7391370007-858763549-8352\djwi2kcew.exe,[%PROFILE%]\csrss.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0344060896-7391370007-858763549-8352\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7386440932-6456838026-138072602-5719\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9308889835-4818184127-420403356-7535\djwi2kcew.exe,[%PROFILE%]\ctfmon.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, USBGuard=[%SYSTEM%]\Y0tninam.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\novi.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0097503047-5132722026-720033870-4806\nissan.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\N2HBJ2THOZ.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1105449858-5760357156-951199479-4196\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, games=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3485903693-5157308816-339197003-7469\djwi2kcew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8477666370-8648578712-662221791-1035\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1768206108-3557625679-177767986-4028\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\i4i.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4364706777-1279084232-398508232-8035\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3485903693-5157308816-339197003-7469\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5148478793-2679953818-660717447-4969\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5148478793-2679953818-660717447-4969\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\delphyn1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5370580008-3635873666-758538758-1722\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\bs.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3100492007-8638439459-509538897-5706\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6441661917-3263566176-689618819-8280\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, KM_Path3=%SystemRoot%\system32\oobe\mui\files\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6340925569-1733958687-730998220-8051\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Arunav1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Arunav1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library =[%PROFILE%]\Duran1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Y6XFIWIB9V.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3688500784-4694413197-522668284-3710\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1168516174-0166187023-180359412-4279\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5224145516-6360558961-511148925-0477\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5224145516-6360558961-511148925-0477\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5224145516-6360558961-511148925-0477\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9206306195-9719213251-581543462-4184\MsMxEng.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4588102663-5962153855-642625942-3104\MsMxEng.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, rundll.exe=[%APPDATA%]\asdf.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7049352528-2174232171-470475138-4607\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, C58BBB=[%SYSTEM%]\BDF405\C58BBB.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6696013984-4810078742-092985996-1305\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6696013984-4810078742-092985996-1305\djwi2kcew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8275738175-4444670137-366741577-7168\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4854274419-5249120558-417230752-3502\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, rundll.exe=[%APPDATA%]\asdf.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3411170215-0978898618-528913980-3807\sysdate.exe,[%APPDATA%]\ygmdrm.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5810330711-9675337011-711990583-7025\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8903267396-2864539005-464016145-5219\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2808648410-7171084583-097947660-6694\djwi2kcew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7350486605-4116360843-354789508-7890\djwi2kcew.exe

Scan your system registry for FREE

CURIOLAB S.M.B.A., Amagertorv 15, 2, 1160 Copenhagen K, Denmark, +45.36965533