HKLM\...\Run: [] => [X]
Replace: C:\Windows\SysWOW64\explorer.exe C:\Windows\explorer.exe
Search: explorer.exe
C:\ProgramData\ridv.pad
C:\ProgramData\UnhJWFY.pad