Top 10 Alerts

Top 100 Alerts List ...

Latest 10 Malware Files

Latest Files List ...

Testimonials

You guys are freakin' awesome, love the program, love the personalized service, and my pc loves it too :D

Justin S.

More ...

AutoRun Registry Values

Scan your Windows registry for AutoRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7570774438-1206233721-681877579-4550\nissan.exe,explorer.exe,[%APPDATA%]\oreaw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5839512611-0086317403-693320286-0096\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4728478834-7037514011-469655930-5767\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1738541321-4273844013-057853322-0626\winmap.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5480861545-6044711988-744220964-1461\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1915945118-1659106144-121753482-7161\winmap.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2190535044-5715404191-093851903-8166\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\byvttv.exe,[%APPDATA%]\acyril.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fredg.exe,[%APPDATA%]\kyrnmy.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2406562408-3278050153-817337895-8818\nissan.exe,explorer.exe,[%APPDATA%]\cift.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\ctfmon.exe,[%APPDATA%]\cift.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0584655387-1260105088-215811697-5183\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0552703726-9132167591-028796816-5303\nissan.exe,explorer.exe,[%APPDATA%]\vgdoqo.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, rundll.exe="[%APPDATA%]\rundll.exe "
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\rosa1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9604959283-4771407418-700446632-4200\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\lina1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\lina1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\KATALINA1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\KATALINA1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0884678141-9860080259-631266281-7143\nissan.exe,explorer.exe,[%APPDATA%]\ahrg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\prentis1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\prentis1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Gladys1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0904732498-9847287442-274107609-1093\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1974405107-4934816371-493512636-5880\wnzip32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\s1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\s1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\a.x.chakraborty1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\a.x.chakraborty1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\mrpky.exe,[%PROFILE%]\csrss.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9400364090-0106050638-891268941-3294\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5412486852-3271879570-611206497-6352\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5687787048-1603068170-354162176-2376\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6107810105-9353419416-431116522-9269\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2261998463-9919406152-304171097-2494\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7628197394-1289538793-455242155-8216\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3072690230-2848172379-120019102-7886\nissan.exe,[%APPDATA%]\oreaw.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Windows Defender=[%APPDATA%]\Winconfigsys.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5444945652-0619325397-675133058-3423\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4930886255-8181366195-884802190-1612\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\shails1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\shails1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\11\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\11\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\303592321\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\303592321\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6780304857-2851867715-504883265-1060\syscr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MicroNAC=[%SYSTEM_DRIVE%]\NTDR.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4371056929-1328190302-476202916-9878\nissan.exe,[%APPDATA%]\irvlna.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9910106116-1483779619-910471215-0416\nissan.exe,[%APPDATA%]\pard.exe,[%APPDATA%]\zwog.exe,explorer.exe,[%APPDATA%]\nisgw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6270466347-7943513749-095713458-3955\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\SHARMA1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cfmmon.exe=[%APPDATA%]\Firewall SysScan\cfmmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5907821647-1607569696-268053711-1522\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,Explorer.exen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7214219807-0114617758-285902514-4678\winmap.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\prabhu1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\prabhu1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3354644115-1985231685-441790015-1152\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Ishleen1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Ishleen1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\XPPRESP31\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\XPPRESP31\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5393774723-4235365201-528637901-2973\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7951822611-2329434983-605283234-1770\nissan.exe,explorer.exe,[%APPDATA%]\cift.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6166975029-8713820056-914860826-6630\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4461282418-8204244878-669667625-4538\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Sandeep Singh1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Sandeep Singh1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1377060592-0628388101-646699203-4401\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\zwog.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1022936789-6475364941-562852116-2820\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG914-K641-26SF-N31P=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6178730849-0574994541-262347071-7475\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4850364891-9235704494-762205516-8486\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6641032307-6623293853-640607925-1716\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9387854769-9415122171-845691760-8477\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7628015452-6287810877-399276466-0236\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3556199778-0923565537-872187912-6396\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\c1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\c1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\HP1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9145511745-2151697674-725023147-3098\nissan.exe,explorer.exe,[%APPDATA%]\irvlna.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\kpnet1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\kpnet1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\dcarrera1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\dcarrera1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\ESUPOL1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\ESUPOL1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\AnaLy1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\AnaLy1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Stella1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2865974526-1579678222-094825781-4048\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\lsabroso1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\lsabroso1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windowsmp=[%PROFILE%]\WINDOWS\windowsmp.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6072427816-6520825634-182360878-4797\nissan.exe,[%PROFILE_TEMP%]\812.exe,[%PROFILE_TEMP%]\343.exe,[%PROFILE_TEMP%]\842.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1520272069-7911652194-443484227-0147\nissan.exe,explorer.exe,[%APPDATA%]\cift.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Alan Yoong Yong1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Alan Yoong Yong1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1048974495-3450874061-124189715-2679\yv8g67.exe,[%PROFILE_TEMP%]\598.exe,[%APPDATA%]\cift.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0812277277-4859441644-953693411-4472\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2435780696-7931022162-506214227-6588\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2411958561-7867620832-696484222-0663\winmap.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1626331855-6392614198-377740922-9154\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2088058492-5968667624-238702177-1116\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0656493720-6696621146-022001551-4780\nissan.exe,explorer.exe,[%APPDATA%]\oabws.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\cift.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6183239805-0305194743-850398740-7605\nissan.exe,explorer.exe,[%APPDATA%]\vgdoqo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\IZONE1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\IZONE1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6649577860-3247929630-439853282-9547\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\mac1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\mac1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6636238760-1958751950-822037055-1631\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7793089764-2085826532-368629221-8615\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1521760517-4426126366-042572143-3735\winmap.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7178700934-3217480933-790791946-0028\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\ctfmon.exe,[%PROFILE%]\csrss.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7245075636-5389579324-107592351-9044\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4855074264-7010982603-034939255-8999\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2387120102-9769748882-744165966-9301\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9790192896-0361163317-593705152-1219\sysdate.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9481581719-8615408832-892445457-8213\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2799552826-5911797605-701788200-4689\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8819986765-5659765006-047038127-7869\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe "[%PROFILE%]\bpp.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\RUTH1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, load=[%PROFILE%]\svchost.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, run=[%PROFILE%]\svchost.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\DAVINET1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\DAVINET1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0089129052-2880405971-501558787-1216\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0703850777-3047497145-735126261-3536\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0830043194-9091874747-587114644-2585\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9654125113-5504296567-823903868-3940\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4143070844-1489535679-787938979-9405\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7464601823-0058363610-709952195-1348\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3895385425-4247534693-683328141-6905\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8109911773-9629885978-183897519-2914\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Sandy1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Sandy1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1000679874-2000177087-164404573-3636\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3259788225-5439133996-177731918-5958\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4850014319-7357967172-273218380-7474\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3157289152-3081938805-577312552-8563\sysdrv.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2650942159-6357076704-402463456-6445\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\ENSEСANZA1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\ENSEСANZA1\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Giovanny1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Giovanny1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9161621841-4755515341-672801721-8171\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5697155694-3498233892-241378940-2530\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9936199716-3552246099-935406221-9591\nissan.exe,explorer.exe,[%APPDATA%]\lwtwfl.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5852381194-7711638067-001110703-7699\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2060417135-5729200990-004635175-2573\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2760231831-3649112224-153997081-1362\nissan.exe,explorer.exe,[%APPDATA%]\lwtwfl.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7950207888-4298373392-690997544-2615\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3215971854-0416280864-924976867-9569\nissan.exe,explorer.exe,[%APPDATA%]\lwtwfl.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%APPDATA%]\kyrnmy.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7065375453-1727252136-329576090-4211\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8129369155-7580899296-853573574-8193\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6895916071-3244079685-320594137-6397\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3612369823-5413984014-253037763-2996\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3183648989-4367068153-037568772-4239\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1291159505-7935899685-100922232-9016\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0426303679-3190956210-940155859-5867\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3936210922-4184877872-490832688-3658\yv8g67.exe,[%APPDATA%]\oabws.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1528414422-0923314115-478383235-0904\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3427754677-4358809482-227775709-6251\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1204407283-2367518543-779455431-5636\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,Explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG214-K641-12SF-N55P=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243936033-3052116371-385863508-1815\vsrah.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1225654603-3381045638-958320318-6339\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4457092049-5895986955-589401257-5287\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9997473219-9231584427-412930027-9733\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\scddf.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4512367016-4310377504-485007543-6555\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3034147227-3404912939-861278975-8240\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5965220336-8645930070-765901824-0327\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0297369572-6545372581-851724900-5708\nissan.exe,[%APPDATA%]\scddf.exe,explorer.exe,[%APPDATA%]\yxdqln.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5919465396-3084714020-706900861-4582\vhg32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4859223509-6248621100-367250433-4390\vhg32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8846536358-9034941606-198921529-7097\vhg32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8960325949-1023741868-053456435-7145\vhg32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9395901909-5710932077-147600015-6229\vhg32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4050524919-9028417637-466006588-2344\vhg32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6956295561-5814096306-140257365-4565\nissan.exe,[%APPDATA%]\scddf.exe,explorer.exe,[%APPDATA%]\yxdqln.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2277495822-3453123056-393455777-5431\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2888971782-1860747451-604654892-9951\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9259040253-7424686827-224828316-3121\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1976844476-6399545862-114531213-5803\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3424244579-7699731410-635845162-0629\syscr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6907645684-8538492222-711618075-3073\nissan.exe,[%APPDATA%]\kvmm.exe,explorer.exe,[%APPDATA%]\aagx.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1706173619-2607469525-305137571-8448\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2717577544-1967869565-827956813-2290\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2202299343-7954655270-883161319-2417\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3272519544-3093944504-603036128-8032\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7918122704-9928977322-584874163-1872\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0524386795-2105277173-018832483-5904\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8614506648-3287923380-538950755-4171\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4041740571-9113975926-853108595-4834\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3698259526-0544887337-006935278-1849\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1218592615-0864903378-094069543-6753\MsMxEng.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7317068231-2157673276-259018229-3975\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7396321540-5554110596-819063443-7840\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\zwog.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7237615979-3769808846-113402412-6832\nissan.exe,[%APPDATA%]\irvlna.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4531727301-1499254283-287378996-6521\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4196251530-0739271724-259686608-9588\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5556303988-0236541487-522866479-0891\mgrls32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1065100334-4665018520-232131241-3101\syscr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\csrss.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3999749997-2381215096-908385752-3541\mwau.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7531683086-9612910522-006691122-2118\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1940729209-6484340302-971322220-6477\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5952692512-2409168658-222684347-8299\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0578565918-4338971913-682499570-1335\vhg32.exe,[%APPDATA%]\rthdti.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1221172332-6166624239-452421345-2366\vhg32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6197418053-2680242199-819283788-8966\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\pard.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4053191308-6003336558-910008347-0955\nissan.exe,explorer.exe,[%APPDATA%]\zwog.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Edwin1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Edwin1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\zwog.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8525812947-0831875548-438037213-7434\sysdate.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8903054665-8441770100-137401916-0688\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4536983077-7139014661-467731005-6342\syscr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7833844777-7572399096-775405003-2519\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9902378531-2091945503-483670809-5364\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6522614876-2156407963-184438010-1372\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8451273414-1618194890-541140212-0327\winmap.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2509433177-1380680160-434142141-3867\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4816934680-5343421623-212788395-4037\winmap.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9032807015-9548389395-819023776-1724\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0902107200-1509589767-805171998-1310\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2581305226-3204929868-402225023-8590\mgrls32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%APPDATA%]\APManager\apmanager.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8627806050-4217918060-584358714-1000\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%PROFILE%]\csrss.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6984239151-6255105494-906055536-7571\mgrls32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1065100334-4665018520-232131241-3101\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%PROFILE%]\csrss.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5681812955-6438291154-135484712-6149\mgrls32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7817712326-7266595916-447155431-8627\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,Explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\zwog.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0823480559-8893301102-494901648-6437\nissan.exe,[%APPDATA%]\mnryv.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7945015424-8180205946-317832882-8467\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\kyrnmy.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1433533746-2583423084-578466226-5365\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%APPDATA%]\kyrnmy.exe,[%APPDATA%]\goyk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9272614061-1327309523-180845474-7990\mgrls32.exe,Explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,Explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6122325493-8438558000-596008749-0427\nissan.exe,explorer.exe,[%APPDATA%]\nisgw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE_TEMP%]\bohvby.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6356075032-6068444193-801935270-8745\mgrls32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5034033545-4368423617-752796863-6242\mgrls32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8796935749-4631704847-101175128-9234\mgrls32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8725345123-9167463954-500135049-3924\mgrls32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6806439592-9241857860-316772514-7848\mgrls32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5172966909-3048548891-798819614-2790\mgrls32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3377385345-4057936791-189857462-6287\mgrls32.exe,[%APPDATA%]\kyrnmy.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4654229379-5144669181-134116180-7509\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3299274789-8940970505-406245951-3325\wmfcgr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5455276728-2888179021-907274295-8623\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8103979267-9216893592-765795968-4073\wmfcgr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3300613087-4087978620-904239748-5798\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8475795805-4186872108-994362486-5402\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7090249285-9692220195-276121681-8038\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0229481408-1754538821-874193470-4118\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0397547299-3130884027-929853073-0462\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4354954928-9330660487-250706777-0621\sysdate.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NVIDIA Media Center Library=[%PROFILE%]\Naman1\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4816934680-5343421623-212788395-4037\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9942724060-4470388133-158777638-8458\upcssc.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8069587809-7337521201-951480328-2946\upcssc.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3677754073-7111967352-699201509-7915\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG914-K641-26SF-N32P=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\visd32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7287053301-9305103952-058888296-4618\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0675219507-8059218385-326652490-0686\upcssc.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8212626408-6220915932-953483443-6437\syscr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4559422944-9220879621-631332038-9715\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\fxembk.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3129910127-6249904852-311568268-3167\nissan.exe,explorer.exe,[%APPDATA%]\vuout.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6446461206-8390225658-626846347-2760\nissan.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1874411502-1444759231-020239329-1669\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1763301893-5062609207-992949376-4125\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Text Tray Service=tstray.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5064219987-2445315298-356650561-6520\syscr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8577157881-4735842991-591020440-8792\syscr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6710725310-3471530119-200654572-2990\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, winprocsm=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2344348871-565435639-736567348-2995\azmit32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, waultc=[%APPDATA%]\waultc.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4986554621-0272115771-064435355-9124\winmap32.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3027662450-5268960647-997323203-1409\nissan.exe,explorer.exe,[%APPDATA%]\gkewzr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5857518007-8321699829-366817524-5233\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2591446757-4254848842-981812208-0527\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0112320303-8638778291-177383313-9459\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8325512769-7029724068-122967660-9017\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, User Agent=[%WINDOWS%]\SysWOW64\fdisk.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1885023834-0672199929-016671656-5728\winmap32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5250011988-4527220925-115979423-1098\winmap.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Update.exe=[%APPDATA%]\Microsoft\update.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2920133834-7036403556-119299060-7549\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9039172751-9165872556-348270688-7272\wmfcgr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4489613944-2895903608-880324024-7721\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7469085512-7604135843-204956737-6469\wmfcgr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1725205751-6754394961-533709627-5140\mwau.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2566631882-6791449834-538728225-0736\wnzip32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, llajyn_df=[%WINDOWS%]\system\lljyn090402.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5787128798-6090661522-141419701-5416\winmap88.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2230330897-2475698998-486274398-5416\winvnd.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7665957780-6479835363-741699895-9240\syscr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1694963895-0866963917-121285281-9942\winmap32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4943920164-7615600921-823645543-5827\syscr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0259930274-6938805061-175517721-1570\winmap.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7665957780-6479835363-741699895-9240\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0197146414-1691775001-480581301-7626\wmfcgr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0037943005-6207092478-101319720-4592\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0331551093-4114946141-922313820-0196\wmfcgr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8842701377-0505312634-880992742-2809\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9459641758-1394838601-395548672-7199\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0070603516-2142581992-762765117-2928\wmfcgr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8027330670-0940680215-153691753-1397\msdrive.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,Explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1694337030-8372822700-364562204-5906\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1862199874-0395138165-501358127-3000\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6735258933-5791467295-131060791-6773\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2110338440-9249453954-906306325-4205\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,Explorer.exen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6008021513-0678557273-872690187-4236\wmfcgr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6638033316-7033516093-237768689-9367\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1271470508-0159931025-685325089-8997\msdrive.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2897232763-1176345786-838780606-8301\winmap.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3659306901-2111840227-202750807-0661\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, csrss.exe=[%WINDOWS%]\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6841264220-1896098288-639152252-5840\winmap.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System.web=[%WINDOWS%]\usb.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2390328678-6518493103-110359278-9072\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4651873546-5040373488-157619104-5996\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3328831852-3865577330-932696451-5690\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2556123903-9379314877-975525931-1741\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0197295422-0086287141-375001256-4926\vhg32.exe,explorer.exe,[%PROFILE%]\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4052347830-7514427269-997901247-8673\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe "[%PROFILE%]\rhm.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM%]\qazbrnn.exe,[%SYSTEM%]\lsprcxs.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8060422612-9695067781-383128116-9930\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4047191064-0153751275-029203879-8482\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4974641050-6054511893-027340692-3526\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9935040755-7612670986-563857507-1957\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0672469127-7521838319-430267942-7740\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2695967744-1534490336-849785148-4183\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5707731842-4375455870-645775293-8243\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1214307710-2450103258-083580410-5113\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2047124594-1711787412-033973542-3154\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0375440233-9852660181-974660020-6307\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7426289521-1735880914-851903104-6474\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3289311889-8806367575-307480007-2899\syscr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6346168220-2759721193-728393016-0747\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7204482437-8923666779-344866465-2115\sysdate.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1163171060-7079839678-402793350-8039\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3348795499-7465848793-754063479-9568\wmfcgr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3289311889-8806367575-307480007-2899\syscr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6687141216-8993519213-641243396-1842\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3348795499-7465848793-754063479-9568\wmfcgr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3289311889-8806367575-307480007-2899\syscr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1955665760-2580964772-492308791-5952\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3608313852-0231993449-264141574-2180\wmfcgr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2232482481-6817488335-181518207-1549\nissan.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1856953392-2681927387-097206440-4811\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9773065827-8021535245-045290342-9182\winmap32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4373307850-6808104338-741986814-8651\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4425910766-7599582522-048911049-5653\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7312677549-5560760659-740841376-7777\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,Explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, ctfmon=[%PROFILE_TEMP%]\ctfmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2271593534-8665953487-263818023-8350\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8726228604-8940255966-047171158-0104\syscr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4359092837-1791575666-993952483-0452\nissan.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3330947596-9176812310-203524871-8378\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9841997202-3533417163-174134701-6995\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6440729490-8139261530-382105526-4684\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9369165487-1593771906-807723186-5930\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3266905945-3940358728-683562404-8847\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RMedit=[%SYSTEM%]\CSDLL27.doc.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\kvmm.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6907645684-8538492222-711618075-3073\nissan.exe,explorer.exe,[%APPDATA%]\aagx.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, psysnew3=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2897232763-1176345786-838780606-8301\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1216036010-1099703837-532323493-4913\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4978610288-0886549563-108891535-2791\winmap.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0319307670-4824765159-076082962-4200\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5979123814-5498263633-837300706-9194\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0733422235-4367874052-135773234-9747\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1467266912-6824266310-555711204-9848\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6340152952-6726922110-540822159-5353\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8644944552-5668382612-099738174-0408\winmap.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,C:\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7360123141-5242193912-700105708-6232\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5441816087-8784651865-682032756-7055\winncr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5739348500-1549289162-910174914-2072\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1827958063-6636272942-030573410-0730\msdrive.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1895771178-2464631625-075928157-2127\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8667964413-1178064109-618483254-2922\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\xldhy.exe,[%APPDATA%]\kvmm.exe,[%APPDATA%]\aagx.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0483206413-6209478280-280943034-4548\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5525712034-5968843089-436751663-2875\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1151652003-0997733742-606738059-6096\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5610843837-2428198020-168179998-8148\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7094285127-5748723204-963856562-9934\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5290793682-4312737314-949586831-8741\winsystem.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1664084034-0142142055-202044519-1010\winsystem.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0879549160-7867296814-817583687-1327\winsystem.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0864141441-5949981458-298151774-4754\nissan.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows.exe=[%SYSTEM_DRIVE%]\WINDOWS:Update.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, csrss.exe=[%APPDATA%]\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12ZFG94-F641-2SF-K31P-5N1ER6H6L2=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6166287844-5282398860-655859684-6429\service.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2432590084-1068328416-492379094-9249\nissan.exe,[%APPDATA%]\tnzbrg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8283621398-7895973195-982049032-8889\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6446836326-4869283121-260474863-7787\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0875384597-1396975132-426084882-7061\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0483206413-6209478280-280943034-4548\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5525712034-5968843089-436751663-2875\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1151652003-0997733742-606738059-6096\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7863394554-9670278021-852544743-2725\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3369395566-0477812716-379508452-8913\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6804181946-0753422870-186699225-4183\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4765390735-2771941416-105898602-5196\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8948078492-0480885566-909382329-7646\winsystem.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1142983914-5327374434-434550211-8033\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9181702636-0245488656-859781837-0006\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6024061782-4539925520-616547384-9798\nissan.exe,explorer.exe,[%APPDATA%]\pfrbde.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8150521737-3029359305-456783144-2532\winsystem.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8899043813-8771663553-424338468-2546\winsystem.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1555829574-7231895208-050198400-6445\winsystem.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4416260613-2523466788-796409751-8785\winsystem.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7632069080-6813052563-626170172-9157\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5907794156-9984759636-654725195-3008\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6418817940-9641980169-233871451-8416\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8644094822-2362154933-390776267-1281\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6456993381-8890017039-382422075-0523\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0229394984-0205222249-685442619-0297\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6500833213-5682558375-788985537-8494\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6480199817-5786453111-343134783-1557\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4578781675-6748486933-164213301-9900\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5080362597-1212819416-308665370-6403\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3933233216-4100268045-536847407-7571\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1901422031-3052921289-425288367-2783\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2541367584-6340140800-641051557-9246\wnzip32.exe,[%SYSTEM_DRIVE%]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5989740307-0318481768-134816438-2991\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5907794156-9984759636-654725195-3008\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6418817940-9641980169-233871451-8416\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8644094822-2362154933-390776267-1281\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6456993381-8890017039-382422075-0523\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0229394984-0205222249-685442619-0297\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6500833213-5682558375-788985537-8494\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6480199817-5786453111-343134783-1557\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4578781675-6748486933-164213301-9900\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5080362597-1212819416-308665370-6403\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3933233216-4100268045-536847407-7571\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1901422031-3052921289-425288367-2783\wnzip32.exe,[%SYSTEM_DRIVE%]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7907690666-0735227576-588379190-2485\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1530449325-0102152977-662727120-5485\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3689862725-9959267064-241232134-8990\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6013887365-8876092376-631614484-0349\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1689068699-3442579467-188560989-9680\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2673026475-1461434079-670823620-2576\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6291489740-6748805310-982971420-8263\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6563975935-2214537196-627116331-3299\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0894941711-3784203606-654403332-4049\winsystem.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4617223245-2314183699-563412924-6952\sysdrv.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1826695740-8395954119-346594417-6577\msdrive.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4877051020-7146311967-431625652-3000\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1044588407-3761062861-221698879-2532\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9820623211-4887914723-435465282-2703\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9693372255-4824965277-405190025-4575\winsystem.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SafeMass="[%WINDOWS%]\SafeMass.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8440560342-8716497848-264929805-9399\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4436992605-4830057373-417323083-1806\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows.exe=[%APPDATA%]\Microsoft\windows.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5057468296-2904545816-667727994-6048\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6145339372-6074418833-603240245-7932\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6442337931-6676122076-914858945-7246\vesita.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2223459544-3514609624-761113775-3076\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8329285496-4859021361-077988516-9140\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0985381834-3378154958-677102946-5530\vesita.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9396467346-9436390048-190648589-1694\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, csrss.exe=[%PROFILE_TEMP%]\csrss.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5543200454-9909454036-795710037-6126\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4814659152-9576267638-877022339-5792\winsystem.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1067667852-7538349931-270901961-9953\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2115865623-1361011978-497777070-3148\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6347976292-7125246699-250047657-4033\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4312928998-0317405710-771542411-2416\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5953041696-6632283509-843483846-4183\windll.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1542629302-7830534252-843462273-6296\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9858428793-4807668819-988424046-3127\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9314812520-8769367170-087912639-5219\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6572385131-2620644269-147483581-4364\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0574543413-5084189186-135545449-3639\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6269022910-8724679619-054049140-4062\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5644846540-9019529522-267664703-0234\winsystem.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2540323151-5532478043-198697632-1054\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1277485827-3615673314-874275292-3201\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6185903738-5604288455-335560190-5688\nissan.exe,explorer.exe,[%APPDATA%]\tnzbrg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6081772607-4327529743-629329446-3066\winmap.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKey=[%SYSTEM%]\config\systemprofile\Templates\cache\SFCsrvc.pif
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7139315154-6292740960-871249842-3002\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4340632970-1129167719-210477854-1148\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2821884295-5722835707-630692252-7788\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5967160126-6697089249-961766738-4162\vesita.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7088658105-7320435295-214499102-0800\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4838959937-5798664771-807963167-7892\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6103498076-4412350819-808680147-3489\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4908782323-2046890714-849783504-5753\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5374033989-9427821144-087975934-4238\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3655984527-6552522413-730093916-6089\dllhost.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1382983365-2231916813-965449397-5847\vesita.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3046325173-3314442416-830127602-4201\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7593084089-0974848755-477994660-5967\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6743509777-8565422751-435537194-0846\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9350333268-8474953368-524519601-8861\winvnd.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4905319278-2928363484-579806496-7539\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4598004483-3107485872-888436345-4972\windll.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1774607452-7553169763-066061587-2725\winncr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9941665584-9760229344-979517262-1814\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7721570917-3301097155-522647526-5216\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0886291834-7147946541-742955836-5216\wnzip32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1163376648-8256891120-591057900-1260\wnzip32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1821095419-7996744366-774813688-9389\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8255214096-6946135498-132532839-5578\nissan.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0901922869-3155789204-630387731-8581\sysdate.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4348775050-4311792044-101265270-2195\windll.exe,explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, ming9bstart=[%WINDOWS%]\system\ming9b090423.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8877562361-3627765504-728454376-9827\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1671908359-7392371468-825148409-9390\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4621968881-5454283159-620371628-7513\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9499970994-8717071572-338188279-3076\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RMedit=C:\WINDOWS\system32\CSDLL27.doc.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2732659834-6083043361-301199745-3651\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\tnzbrg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0885362577-4999397943-275150725-7655\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9464465527-5211627277-304897909-1766\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysdll=
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, load=[%PROFILE_TEMP%]\1\svchost.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, run=[%PROFILE_TEMP%]\1\svchost.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4175625720-6093160139-481292010-1715\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\recycler\s-1-5-21-4175625720-6093160139-481292010-1715\winmap.exe,[%SYSTEM_DRIVE%]\recycler\s-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\recycler\s-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\recycler\s-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\recycler\s-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\recycler\s-1-5-21-1188969558-3000064090-234538088-2437\winmap.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2598480351-3101409239-700739804-9247\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Workstation=[%PROFILE_TEMP%]\scvhost.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8206937797-3618484835-073248424-9580\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3893304293-2470317025-322286634-1978\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2034266862-3565999536-759475158-3458\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2895453899-4373864792-084305293-6782\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5346088376-0187697955-228497653-4163\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1409811706-2648858589-986105956-1423\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5307357460-1390154812-471201460-6671\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7531236066-3068873484-874946930-0137\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2961314333-2236673244-031107196-8821\wnzip32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8026686096-5565366831-751271343-5913\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6740781315-3199097964-354929863-0789\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3673161893-7922797436-337471492-3317\winncr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0713039729-4902785693-783663789-5650\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2231400727-1689414386-382121313-6204\winncr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew2.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2740169355-7398854136-451282399-5122\winncr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6678355961-7316242644-630449373-1359\winmap.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3110298413-3118697513-854451131-2158\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3530475530-1313768439-835497914-6801\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7415503367-7080011756-391080660-0578\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3016238773-7857842580-683502819-2765\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1812279790-4023661079-520237101-3411\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3507467053-1237239123-907339842-9139\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8411202925-6550417849-727215514-4322\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0743577803-7951758579-025346750-1139\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1176315350-0122780477-349849632-0115\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0540388566-7171978764-567857060-6304\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5781215773-7916067391-868245839-1489\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8418983225-6376482227-614957520-9490\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8333335562-1356185278-999685721-2597\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6773535920-0922890568-151072777-1639\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3311743224-2130757033-065462414-0079\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7689796672-4172577988-822090708-7471\winmap.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4182750641-2090139093-169475382-6386\nissan.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0768093043-4494424362-879821858-0185\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0787418775-3719092545-617433207-0863\msdrive.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12ZFG94-F641-2SF-K31P-5N1ER6H6L2=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4810668376-1301438003-668078796-0994\service.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0992934375-7969187164-419246343-7809\winvnd.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7774412641-8522101315-894715381-2904\winvnd.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0898389871-2530187239-974834340-3393\winvnd.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9576052629-0146551232-814995432-6097\winigon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Yahoo! Messenger Pager=[%WINDOWS%]\SysWow64\1033\Microsoft\Drivers\Home Video.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Services=[%WINDOWS%]\SysWow64\1033\Microsoft\Drivers\CSRSS.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Idle Process=[%WINDOWS%]\SMSS.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4854165215-2404695885-841412722-1611\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3143012144-5979970129-156963088-1653\winmap88.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\p55bd.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0970194293-5472426058-246913257-9494\winmap88.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8084971344-8974132736-010576140-8707\winmap88.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6990652543-4134736442-875823000-4873\winmap88.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe,explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1093201882-4314691739-563543095-6724\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4349948156-6903627640-731499948-2960\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12ZFG94-F641-2SF-K31P-5N1ER6H6L2=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5743395016-3341520652-804494773-2591\service.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9954851340-3574054086-571919472-7941\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0958014542-1245209906-773632357-2146\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7696526453-1732279531-068194477-9313\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fddg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8513348931-9272135216-105772320-7687\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4688652812-9646923621-499133252-2631\winmap.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows.exe=[%WINDOWS%]\Windows.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, FIREWALL SERVICE=[%SYSTEM_DRIVE%]\RECYCLER\k-1-3542-4232123213-7676767-8888886\xv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System Service=servise.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System configuration backup=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8373603172-2273911626-220407631-5310\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1220320599-3885737741-179476042-7125\winigon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 74BE16=[%WINDOWS%]\SysWow64\ACF7EF\74BE16.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SystemWindows=[%SYSTEM%]\scvhost.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6171093533-6581539958-604798638-1273\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2081092550-1377417417-766373683-5408\winIgn.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System configuration backup=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4364758481-0524548229-740267878-0913\sysdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG214-K641-24SF-N85P=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG613-3641-36SF-N32P=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243336031-3052616379-381863308-0851\visspepe.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1875051632-4191801418-687907297-7255\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 9UmxQPSiTJMbA=
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 32NFG94-H61-2SF-N1P-5M1ERH6L6=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1788156453-2949899726-592298452-8335\winIgn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System=[%WINDOWS%]\system\winwkh.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSN=[%SYSTEM%]\Fixdirs32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8095189163-3512138068-005579319-9644\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12ZFG94-F641-2SF-K31P-5N1ER6H6L2=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0994600393-7166348536-735729996-7466\service.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, load=[%SYSTEM%]\drivers\etc\networks.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, ctfmon=[%WINDOWS%]\ctfmon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MaxBSLoad=[%SYSTEM%]\MaxBSLoad.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, networks=[%WINDOWS%]\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12CFG94-z641-2SF-N31P-5M1ER6H6L1=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2414154777-9125785014-726010948-9054\winigon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8824828104-3843066590-422605535-2762\winlogon.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Verificador do sistema=[%SYSTEM_DRIVE%]\cssrs.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 12ZFG94-F641-2SF-K31P-5N1ER6H6L2=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-7571550424-1507336557-762214600-8310\service.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, dllcache32.exe=[%SYSTEM_DRIVE%]\Documents and Settings\All Users\Application Data\dllcache32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows Video Drivers=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4575194009-0249740459-485694756-4301\winlogon.exe

Scan your system registry for FREE

CURIOLAB S.M.B.A., Amagertorv 15, 2, 1160 Copenhagen K, Denmark, +45.36965533