Regshot 1.8.2
Comments:
Datetime:2012/2/17 20:19:39  ,  2012/3/1 18:50:23
Computer:METROVIV-A55292 , METROVIV-A55292
Username:Administrador , Administrador

----------------------------------
Keys deleted:3
----------------------------------
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012011620120123
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012320120124
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012420120125

----------------------------------
Keys added:16
----------------------------------
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{55AB1BE6-FDF1-703C-25BA-48DD3A2DD6E7}
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\hiv
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv\OpenWithList
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\PropSummary
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012030120120302
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\2\5
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1\0
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell

----------------------------------
Values deleted:16
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UnableToDetectTime: "2012-02-17 20:15:14"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012011620120123\CachePath: "%USERPROFILE%\Configuración local\Historial\History.IE5\MSHist012012011620120123"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012011620120123\CachePrefix: ":2012011620120123: "
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012011620120123\CacheLimit: 0x00002000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012011620120123\CacheOptions: 0x0000000B
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012011620120123\CacheRepair: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012320120124\CachePath: "%USERPROFILE%\Configuración local\Historial\History.IE5\MSHist012012012320120124"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012320120124\CachePrefix: ":2012012320120124: "
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012320120124\CacheLimit: 0x00002000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012320120124\CacheOptions: 0x0000000B
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012320120124\CacheRepair: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012420120125\CachePath: "%USERPROFILE%\Configuración local\Historial\History.IE5\MSHist012012012420120125"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012420120125\CachePrefix: ":2012012420120125: "
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012420120125\CacheLimit: 0x00002000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012420120125\CacheOptions: 0x0000000B
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012420120125\CacheRepair: 0x00000000

----------------------------------
Values added:148
----------------------------------
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{55AB1BE6-FDF1-703C-25BA-48DD3A2DD6E7}\StubPath: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 6D 69 73 79 73 2E 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation\DisplayParams: 6E 01 00 00 14 01 00 00 10 04 00 00 0F 03 00 00 60 00 00 00 60 00 00 00 24 00 00 00 24 00 00 00 20 00 00 00 4C 00 75 00 63 00 69 00 64 00 61 00 20 00 43 00 6F 00 6E 00 73 00 6F 00 6C 00 65 00 00 00 76 02 10 D8 6B 7E A0 F8 AD 03 2E 79 DA 77 94 F8 AD 03 36 9E 39 7E 08 C9 3A 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C4 F8 AD 03 06 F1 75 7E 01 00 00 80 10 D8 6B 7E 00 00 00 00 19 00 02 00 C0 F8 AD 03 A4 03 00 00 00 00 00 00 D8 F8 AD 03 80 F1 75 7E 01 00 00 80 B0 63 8B 7E D0 63 8B 7E
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\f: 72 00 65 00 67 00 73 00 68 00 6F 00 74 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 5C 00 45 00 73 00 63 00 72 00 69 00 74 00 6F 00 72 00 69 00 6F 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\g: 77 00 69 00 72 00 65 00 73 00 68 00 61 00 72 00 6B 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 6F 00 73 00 5C 00 6E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\a: "C:\Documentos\network\Poison"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\j: "C:\Documents and Settings\Administrador\Escritorio\ORIGINAL.hiv"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\hiv\a: "C:\Documents and Settings\Administrador\Escritorio\ORIGINAL.hiv"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\hiv\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt\a: "C:\Documents and Settings\Administrador\Escritorio\test.txt"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv\OpenWithList\a: "regshot.exe"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv\OpenWithList\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\20: 74 00 65 00 73 00 74 00 2E 00 74 00 78 00 74 00 00 00 40 00 32 00 00 00 00 00 00 00 00 00 00 00 74 65 73 74 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 74 00 65 00 73 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\3: 74 00 65 00 73 00 74 00 2E 00 74 00 78 00 74 00 00 00 40 00 32 00 00 00 00 00 00 00 00 00 00 00 74 65 73 74 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 00 00 00 00 00 00 00 00 14 00 00 00 74 00 65 00 73 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Jverfunex.yax: 0A 00 00 00 06 00 00 00 70 45 35 29 DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Nepuvibf qr cebtenzn\Jverfunex\jverfunex.rkr: 0A 00 00 00 06 00 00 00 D0 38 73 29 DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragbf\argjbex\qjayqe\2pp1o2ppn8q07o55144141625nrn3r61s2rpn182.rkr: 0A 00 00 00 06 00 00 00 70 4F A8 5B DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprfbevbf\Oybp qr abgnf.yax: 0A 00 00 00 06 00 00 00 10 F3 44 AD DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\PropSummary\Advanced: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012030120120302\CachePath: "%USERPROFILE%\Configuración local\Historial\History.IE5\MSHist012012030120120302"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012030120120302\CachePrefix: ":2012030120120302: "
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012030120120302\CacheLimit: 0x00002000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012030120120302\CacheOptions: 0x0000000B
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012030120120302\CacheRepair: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{7BD29E01-76C1-11CF-9DD0-00A0C9034933} {55272A00-42CB-11CE-8135-00AA004BB851} 0x401: 00 00 00 00 32 00 30 00 18 3F 3B 1D DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FF393560-C2A7-11CF-BFF4-444553540000} {55272A00-42CB-11CE-8135-00AA004BB851} 0x401: 00 00 00 00 32 00 30 00 A6 FC DA 1D DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} {000214E8-0000-0000-C000-000000000046} 0x401: 01 00 00 00 32 00 30 00 7A 8D FC 7D DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{7444C719-39BF-11D1-8CD9-00C04FC29D45} {000214E8-0000-0000-C000-000000000046} 0x401: 01 00 00 00 32 00 30 00 EE 33 E6 7E DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3EA48300-8CF6-101B-84FB-666CCB9BCD32} {000214E8-0000-0000-C000-000000000046} 0x401: 01 00 00 00 32 00 30 00 7E 28 DE 7F DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{883373C3-BF89-11D1-BE35-080036B11A03} {000214E8-0000-0000-C000-000000000046} 0x401: 01 00 00 00 32 00 30 00 14 95 AD 80 DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\2\5: 3A 00 31 00 00 00 00 00 61 40 47 94 10 00 64 77 6E 6C 64 72 00 00 24 00 03 00 04 00 EF BE 61 40 45 94 61 40 47 94 14 00 00 00 64 00 77 00 6E 00 6C 00 64 00 72 00 00 00 16 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\2\5\NodeSlot: 0x000000A3
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\2\5\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1: 56 00 31 00 00 00 00 00 81 3E 56 B0 12 00 43 4F 4E 46 49 47 7E 31 00 00 3E 00 03 00 04 00 EF BE 53 3C CD 92 61 40 42 94 14 00 00 00 43 00 6F 00 6E 00 66 00 69 00 67 00 75 00 72 00 61 00 63 00 69 00 F3 00 6E 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1\0\NodeSlot: 0x000000A5
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1\0\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1\NodeSlot: 0x000000A4
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\1\0: 34 00 31 00 00 00 00 00 51 40 50 A3 10 00 54 65 6D 70 00 00 20 00 03 00 04 00 EF BE 53 3C CD 92 61 40 72 94 14 00 00 00 54 00 65 00 6D 00 70 00 00 00 14 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\MinPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\MinPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\MaxPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\MaxPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\WinPos1040x783(1).left: 0x00000022
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\WinPos1040x783(1).top: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\WinPos1040x783(1).right: 0x00000342
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\WinPos1040x783(1).bottom: 0x00000258
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\ScrollPos1040x783(1).x: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\ScrollPos1040x783(1).y: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\MinPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\MinPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\MaxPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\MaxPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\WinPos1040x783(1).left: 0x00000022
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\WinPos1040x783(1).top: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\WinPos1040x783(1).right: 0x00000342
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\WinPos1040x783(1).bottom: 0x00000258
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\ScrollPos1040x783(1).x: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\ScrollPos1040x783(1).y: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\FolderType: "Documents"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\MinPos1040x783(1).x: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\MinPos1040x783(1).y: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\MaxPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\MaxPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\WinPos1040x783(1).left: 0x00000009
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\WinPos1040x783(1).top: 0x00000011
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\WinPos1040x783(1).right: 0x00000329
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\WinPos1040x783(1).bottom: 0x00000269
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Rev: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\FFlags: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\HotKey: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Buttons: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Links: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Address: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Mode: 0x00000006
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\ScrollPos1040x783(1).x: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\ScrollPos1040x783(1).y: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Sort: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\SortDir: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\Col: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\163\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 28 00 3C 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\FolderType: "Documents"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\MinPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\MinPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\MaxPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\MaxPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\WinPos1040x783(1).left: 0x00000022
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\WinPos1040x783(1).top: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\WinPos1040x783(1).right: 0x00000342
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\WinPos1040x783(1).bottom: 0x00000258
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Rev: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\FFlags: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\HotKey: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Buttons: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Links: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Address: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Mode: 0x00000006
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\ScrollPos1040x783(1).x: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\ScrollPos1040x783(1).y: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Sort: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\SortDir: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\Col: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\164\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 28 00 3C 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\FolderType: "Documents"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\MinPos1040x783(1).x: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\MinPos1040x783(1).y: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\MaxPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\MaxPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\WinPos1040x783(1).left: 0x000000E5
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\WinPos1040x783(1).top: 0x0000001E
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\WinPos1040x783(1).right: 0x00000405
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\WinPos1040x783(1).bottom: 0x00000276
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Rev: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\FFlags: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\HotKey: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Buttons: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Links: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Address: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Mode: 0x00000006
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\ScrollPos1040x783(1).x: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\ScrollPos1040x783(1).y: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Sort: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\SortDir: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\Col: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\165\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 07 00 2C 00 10 00 3A 00 4E 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE: "Explorador de Windows"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\zipfldr.dll: "Carpetas comprimidas (en zip) "
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-8503: "&Buscar..."
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\mycomput.dll,-400: "Administ&rar"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22923: "Programa tareas del equipo para que se ejecuten automáticamente."
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21765: "Datos de programa"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12693: "Favoritos"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21786: "Menú Inicio"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Archivos de programa\Wireshark\wireshark.exe: "Wireshark"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documentos\network\dwnldr\2cc1b2cca8d07b55144141625aea3e61f2eca182.exe: "2cc1b2cca8d07b55144141625aea3e61f2eca182"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\shell32.dll,-22563: "Crea y modifica archivos de texto usando formato de texto básico."
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31326: "Oculta los elementos almacenados en esta carpeta para protegerlos de ser cambiados o eliminados."
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\taskmgr.exe: "Administrador de tareas de Windows"

----------------------------------
Values modified:99
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: BC A0 D6 D3 FC 1E 1C 31 36 15 A2 63 D0 38 E1 95 7C 8F 72 4F 91 70 1F 79 36 68 DF D1 46 A3 65 FE FD 6F AD 05 BC 48 18 4A AF 0C 7B 97 45 D4 7B 7E F2 CD 13 F3 E8 8B 04 97 D4 BB 20 7A A9 17 FD 49 A7 71 E0 78 A0 E9 B5 3A 51 14 2F 65 F0 E3 C0 D7
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: C6 B0 B3 5B 45 40 B1 EE 8C 22 0F E1 F0 F3 4E DC D3 C7 95 8D F5 91 59 99 80 2E E0 ED 16 30 61 49 DA AD F9 D7 70 DF 51 7D 24 C2 96 7E 53 73 27 86 58 B3 E5 A3 C2 69 BF 2E B2 D9 01 B7 09 A7 AC 33 E1 56 2E 5B 14 F8 7D 5E CF A1 E3 8B 73 37 31 1D
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextDetectionTime: "2012-02-18 01:15:14"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextDetectionTime: "2012-03-02 15:25:47"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect\LastSuccessTime: "2012-01-29 19:32:20"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect\LastSuccessTime: "2012-03-01 18:33:28"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect\LastError: 0x80072EE2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect\LastError: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 88 BB 3E 4F 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F FF FF FF 00 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 88 BB 3E 4F 05 00 00 00 FC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D8 B4 3E 4F 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F 00 00 07 08
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 CC CA 4F 4F 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 CC CA 4F 4F 05 00 00 00
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x00000849
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x0000084D
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseObtainedTime: 0x4F3EB480
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseObtainedTime: 0x4F4FC3C4
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T1: 0x4F3EB804
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T1: 0x4F4FC748
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T2: 0x4F3EBAA7
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T2: 0x4F4FC9EB
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseTerminatesTime: 0x4F3EBB88
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseTerminatesTime: 0x4F4FCACC
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\DhcpRetryTime: 0x0000037F
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\DhcpRetryTime: 0x00000384
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseObtainedTime: 0x4F3EB480
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseObtainedTime: 0x4F4FC3C4
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T1: 0x4F3EB804
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T1: 0x4F4FC748
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T2: 0x4F3EBAA7
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T2: 0x4F4FC9EB
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseTerminatesTime: 0x4F3EBB88
HKLM\SYSTEM\ControlSet001\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseTerminatesTime: 0x4F4FCACC
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 88 BB 3E 4F 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F FF FF FF 00 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F C0 A8 C5 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 88 BB 3E 4F 05 00 00 00 FC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D8 B4 3E 4F 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 88 BB 3E 4F 00 00 07 08
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}: 2C 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 02 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 02 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 02 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 CC CA 4F 4F 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC CA 4F 4F C0 A8 C5 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 CC CA 4F 4F 05 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x00000849
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x0000084D
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseObtainedTime: 0x4F3EB480
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseObtainedTime: 0x4F4FC3C4
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T1: 0x4F3EB804
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T1: 0x4F4FC748
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T2: 0x4F3EBAA7
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\T2: 0x4F4FC9EB
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseTerminatesTime: 0x4F3EBB88
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\LeaseTerminatesTime: 0x4F4FCACC
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\DhcpRetryTime: 0x0000037F
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\DhcpRetryTime: 0x00000384
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseObtainedTime: 0x4F3EB480
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseObtainedTime: 0x4F4FC3C4
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T1: 0x4F3EB804
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T1: 0x4F4FC748
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T2: 0x4F3EBAA7
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\T2: 0x4F4FC9EB
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseTerminatesTime: 0x4F3EBB88
HKLM\SYSTEM\CurrentControlSet\Services\{2572D52C-3E88-4EC2-9E36-2DD4F95FD063}\Parameters\Tcpip\LeaseTerminatesTime: 0x4F4FCACC
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "edcba"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "fgbedca"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\b: 6E 00 6F 00 74 00 65 00 70 00 61 00 64 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 41 00 72 00 63 00 68 00 69 00 76 00 6F 00 73 00 20 00 64 00 65 00 20 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 61 00 5C 00 41 00 70 00 61 00 63 00 68 00 65 00 20 00 53 00 6F 00 66 00 74 00 77 00 61 00 72 00 65 00 20 00 46 00 6F 00 75 00 6E 00 64 00 61 00 74 00 69 00 6F 00 6E 00 5C 00 54 00 6F 00 6D 00 63 00 61 00 74 00 20 00 35 00 2E 00 35 00 5C 00 63 00 6F 00 6E 00 66 00 5C 00 43 00 61 00 74 00 61 00 6C 00 69 00 6E 00 61 00 5C 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\b: 6E 00 6F 00 74 00 65 00 70 00 61 00 64 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 5C 00 45 00 73 00 63 00 72 00 69 00 74 00 6F 00 72 00 69 00 6F 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\a: "C:\Documents and Settings\Administrador\Escritorio\Firefox Setup 3.6.exe"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\a: "C:\Documents and Settings\Administrador\Escritorio\test.txt"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "ihgfedcba"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "jbaihgfedc"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\b: "C:\Documents and Settings\Administrador\Escritorio\install_flash_player_ax.exe"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\b: "C:\Documentos\network\Poison"
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx: 13 00 00 00 11 00 00 00 12 00 00 00 10 00 00 00 0F 00 00 00 0E 00 00 00 0D 00 00 00 01 00 00 00 0C 00 00 00 0A 00 00 00 0B 00 00 00 09 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx: 14 00 00 00 13 00 00 00 11 00 00 00 12 00 00 00 10 00 00 00 0F 00 00 00 0E 00 00 00 0D 00 00 00 01 00 00 00 0C 00 00 00 0A 00 00 00 0B 00 00 00 09 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\MRUListEx: 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\MRUListEx: 03 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA: 51 EB 66 0E 12 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA: CF BE 67 0E 13 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 0A 00 00 00 AF 00 00 00 00 E4 B6 33 B1 ED CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 0A 00 00 00 B8 00 00 00 10 E7 6A 1E DC F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY: 07 00 00 00 31 00 00 00 F0 F8 85 42 AF DA CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY: 0A 00 00 00 34 00 00 00 80 00 84 04 DB F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 0A 00 00 00 17 00 00 00 60 FD CA 32 B1 ED CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 0A 00 00 00 19 00 00 00 70 00 7F 1D DC F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\abgrcnq.rkr: 06 00 00 00 0E 00 00 00 E0 F3 EC DE E9 D9 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\abgrcnq.rkr: 0A 00 00 00 0E 00 00 00 20 A9 42 AD DA F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pzq.rkr: 06 00 00 00 17 00 00 00 A0 8C C8 69 E9 D9 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pzq.rkr: 0A 00 00 00 19 00 00 00 80 00 84 04 DB F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprfbevbf\Fízobyb qry fvfgrzn.yax: 07 00 00 00 19 00 00 00 F0 87 83 42 AF DA CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprfbevbf\Fízobyb qry fvfgrzn.yax: 0A 00 00 00 1B 00 00 00 80 00 84 04 DB F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Npprfb qverpgb n ertfubg.yax: 0A 00 00 00 07 00 00 00 60 FD CA 32 B1 ED CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Npprfb qverpgb n ertfubg.yax: 0A 00 00 00 08 00 00 00 70 00 7F 1D DC F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragbf\Qbjaybnqf\ertfubg_1.8.2_fep_ova\ertfubg.rkr: 0A 00 00 00 06 00 00 00 00 E4 B6 33 B1 ED CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragbf\Qbjaybnqf\ertfubg_1.8.2_fep_ova\ertfubg.rkr: 0A 00 00 00 07 00 00 00 10 E7 6A 1E DC F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {0000013A-0000-0000-C000-000000000046} 0x401: 00 00 00 00 32 00 30 00 4C 25 36 99 47 D1 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {0000013A-0000-0000-C000-000000000046} 0x401: 00 00 00 00 32 00 30 00 EE 0D B2 E8 D9 F7 CC 01
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: 09 00 00 00 08 00 00 00 05 00 00 00 02 00 00 00 01 00 00 00 07 00 00 00 06 00 00 00 00 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: 00 00 00 00 04 00 00 00 01 00 00 00 02 00 00 00 09 00 00 00 08 00 00 00 05 00 00 00 07 00 00 00 06 00 00 00 03 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\MRUListEx: 03 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\MRUListEx: 02 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\2\MRUListEx: 03 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\2\MRUListEx: 05 00 00 00 03 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\1\0\MRUListEx: 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\2\MRUListEx: 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\2\MRUListEx: 00 00 00 00 02 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\4\MRUListEx: 00 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\4\MRUListEx: 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\2\MRUListEx: 04 00 00 00 02 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\2\MRUListEx: 02 00 00 00 04 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 00 00 28 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 28 00 3C 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WFlags: 0x00000002
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos1040x783(1).x: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos1040x783(1).y: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\MinPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\ItemPos1040x783(1): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 42 00 31 00 00 00 00 00 76 3E 25 A4 10 00 44 4F 57 4E 4C 4F 7E 31 00 00 2A 00 03 00 04 00 EF BE 53 3C 62 96 34 40 53 73 14 00 00 00 44 00 6F 00 77 00 6E 00 6C 00 6F 00 61 00 64 00 73 00 00 00 18 00 DC 00 00 00 02 00 00 00 3C 00 31 00 00 00 00 00 55 3C 96 A6 10 00 65 63 6C 69 70 73 65 00 26 00 03 00 04 00 EF BE 55 3C 82 8D 34 40 53 73 14 00 00 00 65 00 63 00 6C 00 69 00 70 00 73 00 65 00 00 00 16 00 02 00 00 00 3A 00 00 00 34 00 31 00 00 00 00 00 55 3C 7C 90 10 00 4A 61 76 61 00 00 20 00 03 00 04 00 EF BE 53 3C 48 AD 34 40 53 73 14 00 00 00 4A 00 61 00 76 00 61 00 00 00 14 00 DC 00 00 00 3A 00 00 00 68 00 31 00 00 00 00 00 55 3C 2A 88 11 00 4D 49 4D 53 49 43 7E 31 00 00 2A 00 03 00 04 00 EF BE 53 3C D2 92 34 40 53 73 14 00 00 00 4D 00 69 00 20 00 6D 00 FA 00 73 00 69 00 63 00 61 00 00 00 18 00 26 00 0D 00 06 00 EF BE 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 00 00 18 00 02 00 00 00 72 00 00 00 6E 00 31 00 00 00 00 00 55 3C 2A 88 11 00 4D 49 53 49 4D 47 7E 31 00 00 30 00 03 00 04 00 EF BE 53 3C D0 92 34 40 53 73 14 00 00 00 4D 00 69 00 73 00 20 00 69 00 6D 00 E1 00 67 00 65 00 6E 00 65 00 73 00 00 00 18 00 26 00 27 00 06 00 EF BE 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 00 00 18 00 DC 00 00 00 72 00 00 00 3C 00 31 00 00 00 00 00 33 40 15 88 10 00 6E 65 74 77 6F 72 6B 00 26 00 03 00 04 00 EF BE 76 3E 28 A2 34 40 53 73 14 00 00 00 6E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 00 00 16 00 02 00 00 00 E2 00 00 00 48 00 31 00 00 00 00 00 2C 40 8B 83 10 00 53 49 4D 4D 56 53 7E 31 00 00 30 00 03 00 04 00 EF BE 2C 40 82 83 37 40 D8 79 14 00 00 00 53 00 49 00 4D 00 4D 00 56 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 00 00 18 00 02 00 00 00 AA 00 00 00 48 00 32 00 56 00 00 00 55 3C 2A 88 26 00 64 65 73 6B 74 6F 70 2E 69 6E 69 00 2E 00 03 00 04 00 EF BE 53 3C 5A 97 37 40 13 81 14 00 00 00 64 00 65 00 73 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 1A 00 DC 00 00 00 E2 00 00 00 68 00 32 00 88 0F 4D 00 33 40 18 88 20 00 53 45 54 55 50 2D 7E 31 2E 4D 53 49 00 00 4C 00 03 00 04 00 EF BE 33 40 0C 88 34 40 04 7A 14 00 00 00 53 00 65 00 74 00 75 00 70 00 2D 00 53 00 75 00 62 00 76 00 65 00 72 00 73 00 69 00 6F 00 6E 00 2D 00 31 00 2E 00 37 00 2E 00 32 00 2E 00 6D 00 73 00 69 00 00 00 1C 00 02 00 00 00 1A 01 00 00 8A 00 32 00 00 00 D1 00 34 40 97 7A 20 00 54 4F 52 54 4F 49 7E 31 2E 4D 53 49 00 00 6E 00 03 00 04 00 EF BE 34 40 83 7A 34 40 01 7A 14 00 00 00 54 00 6F 00 72 00 74 00 6F 00 69 00 73 00 65 00 53 00 56 00 4E 00 2D 00 31 00 2E 00 37 00 2E 00 34 00 2E 00 32 00 32 00 34 00 35 00 39 00 2D 00 77 00 69 00 6E 00 33 00 32 00 2D 00 73 00 76 00 6E 00 2D 00 31 00 2E 00 37 00 2E 00 32 00 2E 00 6D 00 73 00 69 00 00 00 1C 00 DC 00 00 00 AA 00 00 00 40 00 32 00 AB BE 03 00 77 3E 01 03 20 00 77 75 64 70 2E 74 78 74 00 00 28 00 03 00 04 00 EF BE 77 3E B1 02 77 3E 01 03 14 00 00 00 77 00 75 00 64 00 70 00 2E 00 74 00 78 00 74 00 00 00 18 00 DC 00 00 00 AA 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\ItemPos1040x783(1): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 42 00 31 00 00 00 00 00 76 3E 25 A4 10 00 44 4F 57 4E 4C 4F 7E 31 00 00 2A 00 03 00 04 00 EF BE 53 3C 62 96 50 40 39 93 14 00 00 00 44 00 6F 00 77 00 6E 00 6C 00 6F 00 61 00 64 00 73 00 00 00 18 00 DC 00 00 00 02 00 00 00 3C 00 31 00 00 00 00 00 55 3C 96 A6 10 00 65 63 6C 69 70 73 65 00 26 00 03 00 04 00 EF BE 55 3C 82 8D 50 40 39 93 14 00 00 00 65 00 63 00 6C 00 69 00 70 00 73 00 65 00 00 00 16 00 02 00 00 00 3A 00 00 00 34 00 31 00 00 00 00 00 55 3C 7C 90 10 00 4A 61 76 61 00 00 20 00 03 00 04 00 EF BE 53 3C 48 AD 51 40 72 A1 14 00 00 00 4A 00 61 00 76 00 61 00 00 00 14 00 DC 00 00 00 3A 00 00 00 68 00 31 00 00 00 00 00 55 3C 2A 88 11 00 4D 49 4D 53 49 43 7E 31 00 00 2A 00 03 00 04 00 EF BE 53 3C D2 92 50 40 39 93 14 00 00 00 4D 00 69 00 20 00 6D 00 FA 00 73 00 69 00 63 00 61 00 00 00 18 00 26 00 0D 00 06 00 EF BE 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 00 00 18 00 02 00 00 00 72 00 00 00 6E 00 31 00 00 00 00 00 55 3C 2A 88 11 00 4D 49 53 49 4D 47 7E 31 00 00 30 00 03 00 04 00 EF BE 53 3C D0 92 50 40 39 93 14 00 00 00 4D 00 69 00 73 00 20 00 69 00 6D 00 E1 00 67 00 65 00 6E 00 65 00 73 00 00 00 18 00 26 00 27 00 06 00 EF BE 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 00 00 18 00 DC 00 00 00 72 00 00 00 3C 00 31 00 00 00 00 00 61 40 37 94 10 00 6E 65 74 77 6F 72 6B 00 26 00 03 00 04 00 EF BE 76 3E 28 A2 61 40 37 94 14 00 00 00 6E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 00 00 16 00 02 00 00 00 E2 00 00 00 48 00 31 00 00 00 00 00 2C 40 8B 83 10 00 53 49 4D 4D 56 53 7E 31 00 00 30 00 03 00 04 00 EF BE 2C 40 82 83 38 40 AA 7A 14 00 00 00 53 00 49 00 4D 00 4D 00 56 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 00 00 18 00 02 00 00 00 AA 00 00 00 48 00 32 00 56 00 00 00 55 3C 2A 88 26 00 64 65 73 6B 74 6F 70 2E 69 6E 69 00 2E 00 03 00 04 00 EF BE 53 3C 5A 97 51 40 39 A2 14 00 00 00 64 00 65 00 73 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 1A 00 DC 00 00 00 E2 00 00 00 68 00 32 00 88 0F 4D 00 33 40 18 88 20 00 53 45 54 55 50 2D 7E 31 2E 4D 53 49 00 00 4C 00 03 00 04 00 EF BE 33 40 0C 88 34 40 04 7A 14 00 00 00 53 00 65 00 74 00 75 00 70 00 2D 00 53 00 75 00 62 00 76 00 65 00 72 00 73 00 69 00 6F 00 6E 00 2D 00 31 00 2E 00 37 00 2E 00 32 00 2E 00 6D 00 73 00 69 00 00 00 1C 00 02 00 00 00 1A 01 00 00 8A 00 32 00 00 00 D1 00 34 40 97 7A 20 00 54 4F 52 54 4F 49 7E 31 2E 4D 53 49 00 00 6E 00 03 00 04 00 EF BE 34 40 83 7A 34 40 01 7A 14 00 00 00 54 00 6F 00 72 00 74 00 6F 00 69 00 73 00 65 00 53 00 56 00 4E 00 2D 00 31 00 2E 00 37 00 2E 00 34 00 2E 00 32 00 32 00 34 00 35 00 39 00 2D 00 77 00 69 00 6E 00 33 00 32 00 2D 00 73 00 76 00 6E 00 2D 00 31 00 2E 00 37 00 2E 00 32 00 2E 00 6D 00 73 00 69 00 00 00 1C 00 DC 00 00 00 AA 00 00 00 40 00 32 00 AB BE 03 00 77 3E 01 03 20 00 77 75 64 70 2E 74 78 74 00 00 28 00 03 00 04 00 EF BE 77 3E B1 02 77 3E 01 03 14 00 00 00 77 00 75 00 64 00 70 00 2E 00 74 00 78 00 74 00 00 00 18 00 DC 00 00 00 AA 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WFlags: 0x00000002
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\ShowCmd: 0x00000003
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).left: 0x0000002C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).left: 0x00000049
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).top: 0x0000003A
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).top: 0x00000057
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).right: 0x0000034C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).right: 0x00000369
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).bottom: 0x00000292
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\37\Shell\WinPos1040x783(1).bottom: 0x000002AF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WFlags: 0x00000002
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\ShowCmd: 0x00000003
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\MinPos1040x783(1).x: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\MinPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\MinPos1040x783(1).y: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\MinPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).left: 0x0000002C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).left: 0x00000022
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).top: 0x0000003A
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).top: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).right: 0x0000034C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).right: 0x00000342
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).bottom: 0x00000292
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\WinPos1040x783(1).bottom: 0x00000258
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\ItemPos1040x783(1): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 52 01 00 00 3A 00 31 00 00 00 00 00 2C 40 21 85 10 00 41 70 61 63 68 65 00 00 24 00 03 00 04 00 EF BE 2C 40 21 85 34 40 4E 84 14 00 00 00 41 00 70 00 61 00 63 00 68 00 65 00 00 00 16 00 02 00 00 00 02 00 00 00 58 00 31 00 00 00 00 00 34 40 27 7A 11 00 41 52 43 48 49 56 7E 31 00 00 40 00 03 00 04 00 EF BE 53 3C 2F 61 37 40 C3 9A 14 00 00 00 41 00 72 00 63 00 68 00 69 00 76 00 6F 00 73 00 20 00 64 00 65 00 20 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 61 00 00 00 18 00 DC 00 00 00 02 00 00 00 6A 00 31 00 00 00 00 00 34 40 00 7A 11 00 44 4F 43 55 4D 45 7E 32 00 00 2C 00 03 00 04 00 EF BE 53 3C 51 97 37 40 00 9E 14 00 00 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 6F 00 73 00 00 00 18 00 26 00 00 00 06 00 EF BE 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 00 00 18 00 B6 01 00 00 02 00 00 00 5C 00 31 00 00 00 00 00 53 3C CD 92 10 00 44 4F 43 55 4D 45 7E 31 00 00 44 00 03 00 04 00 EF BE 53 3C 09 61 37 40 90 9D 14 00 00 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 00 00 18 00 02 00 00 00 3A 00 00 00 40 00 31 00 00 00 00 00 76 3E F9 A3 10 00 69 44 45 46 45 4E 53 45 00 00 28 00 03 00 04 00 EF BE 76 3E F2 A3 37 40 04 9E 14 00 00 00 69 00 44 00 45 00 46 00 45 00 4E 00 53 00 45 00 00 00 18 00 DC 00 00 00 52 01 00 00 30 00 31 00 00 00 00 00 2D 40 2A 7C 10 00 6F 70 74 00 1E 00 03 00 04 00 EF BE 2D 40 2A 7C 37 40 04 9E 14 00 00 00 6F 00 70 00 74 00 00 00 12 00 DC 00 00 00 3A 00 00 00 40 00 31 00 00 00 00 00 53 3C 12 94 16 00 52 45 43 59 43 4C 45 52 00 00 28 00 03 00 04 00 EF BE 53 3C 12 94 37 40 04 9E 14 00 00 00 52 00 45 00 43 00 59 00 43 00 4C 00 45 00 52 00 00 00 18 00 B6 01 00 00 1A 01 00 00 36 00 31 00 00 00 00 00 34 40 B3 A9 10 00 53 49 4D 4D 56 00 22 00 03 00 04 00 EF BE 2C 40 14 7F 37 40 CC 9D 14 00 00 00 53 00 49 00 4D 00 4D 00 56 00 00 00 14 00 B6 01 00 00 3A 00 00 00 62 00 31 00 00 00 00 00 53 3C C7 92 16 00 53 59 53 54 45 4D 7E 31 00 00 4A 00 03 00 04 00 EF BE 53 3C 09 61 37 40 DC 84 14 00 00 00 53 00 79 00 73 00 74 00 65 00 6D 00 20 00 56 00 6F 00 6C 00 75 00 6D 00 65 00 20 00 49 00 6E 00 66 00 6F 00 72 00 6D 00 61 00 74 00 69 00 6F 00 6E 00 00 00 18 00 02 00 00 00 72 00 00 00 3C 00 31 00 00 00 00 00 79 3E 44 A7 10 00 57 49 4E 44 4F 57 53 00 26 00 03 00 04 00 EF BE 53 3C 71 68 37 40 C3 9A 14 00 00 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 00 00 16 00 DC 00 00 00 72 00 00 00 4C 00 32 00 00 00 00 00 53 3C 53 92 26 00 41 55 54 4F 45 58 45 43 2E 42 41 54 00 00 30 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 41 00 55 00 54 00 4F 00 45 00 58 00 45 00 43 00 2E 00 42 00 41 00 54 00 00 00 1C 00 B6 01 00 00 72 00 00 00 40 00 32 00 D3 00 00 00 53 3C 79 91 06 00 62 6F 6F 74 2E 69 6E 69 00 00 28 00 03 00 04 00 EF BE 53 3C 00 69 37 40 CE 9A 14 00 00 00 62 00 6F 00 6F 00 74 00 2E 00 69 00 6E 00 69 00 00 00 18 00 02 00 00 00 AA 00 00 00 4C 00 32 00 58 13 00 00 18 2B 00 50 27 00 42 6F 6F 74 66 6F 6E 74 2E 62 69 6E 00 00 30 00 03 00 04 00 EF BE 18 2B 00 50 53 3C B0 68 14 00 00 00 42 00 6F 00 6F 00 74 00 66 00 6F 00 6E 00 74 00 2E 00 62 00 69 00 6E 00 00 00 1C 00 DC 00 00 00 AA 00 00 00 46 00 32 00 00 00 00 00 53 3C 53 92 26 00 43 4F 4E 46 49 47 2E 53 59 53 00 00 2C 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 43 00 4F 00 4E 00 46 00 49 00 47 00 2E 00 53 00 59 00 53 00 00 00 1A 00 B6 01 00 00 AA 00 00 00 3A 00 32 00 00 00 00 00 53 3C 53 92 27 00 49 4F 2E 53 59 53 00 00 24 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 49 00 4F 00 2E 00 53 00 59 00 53 00 00 00 16 00 02 00 00 00 E2 00 00 00 3C 00 32 00 78 07 00 00 81 3E E4 AD 20 00 6C 6F 67 2E 74 78 74 00 26 00 03 00 04 00 EF BE 77 3E E2 00 81 3E E4 AD 14 00 00 00 6C 00 6F 00 67 00 2E 00 74 00 78 00 74 00 00 00 16 00 DC 00 00 00 E2 00 00 00 42 00 32 00 00 00 00 00 53 3C 53 92 27 00 4D 53 44 4F 53 2E 53 59 53 00 2A 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 4D 00 53 00 44 00 4F 00 53 00 2E 00 53 00 59 00 53 00 00 00 18 00 B6 01 00 00 E2 00 00 00 4C 00 32 00 CC B9 00 00 04 31 D1 1C 27 00 4E 54 44 45 54 45 43 54 2E 43 4F 4D 00 00 30 00 03 00 04 00 EF BE 04 31 D1 1C 53 3C FA 68 14 00 00 00 4E 00 54 00 44 00 45 00 54 00 45 00 43 00 54 00 2E 00 43 00 4F 00 4D 00 00 00 1C 00 02 00 00 00 1A 01 00 00 36 00 32 00 20 D5 03 00 55 3C 66 8A 27 00 6E 74 6C 64 72 00 22 00 03 00 04 00 EF BE 04 31 75 1F 77 3E D0 01 14 00 00 00 6E 00 74 00 6C 00 64 00 72 00 00 00 14 00 DC 00 00 00 1A 01 00 00 4C 00 32 00 00 00 00 60 34 40 57 73 26 00 70 61 67 65 66 69 6C 65 2E 73 79 73 00 00 30 00 03 00 04 00 EF BE 53 3C 71 68 34 40 57 73 14 00 00 00 70 00 61 00 67 00 65 00 66 00 69 00 6C 00 65 00 2E 00 73 00 79 00 73 00 00 00 1C 00 B6 01 00 00 52 01 00 00 36 00 31 00 00 00 00 00 37 40 74 9E 10 00 72 65 70 6F 73 00 22 00 03 00 04 00 EF BE 37 40 74 9E 37 40 74 9E 14 00 00 00 72 00 65 00 70 00 6F 00 73 00 00 00 14 00 B6 01 00 00 52 01 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\ItemPos1040x783(1): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 FA 01 00 00 3A 00 31 00 00 00 00 00 2C 40 21 85 10 00 41 70 61 63 68 65 00 00 24 00 03 00 04 00 EF BE 2C 40 21 85 37 40 6A 9E 14 00 00 00 41 00 70 00 61 00 63 00 68 00 65 00 00 00 16 00 02 00 00 00 02 00 00 00 58 00 31 00 00 00 00 00 34 40 27 7A 11 00 41 52 43 48 49 56 7E 31 00 00 40 00 03 00 04 00 EF BE 53 3C 2F 61 61 40 4D 94 14 00 00 00 41 00 72 00 63 00 68 00 69 00 76 00 6F 00 73 00 20 00 64 00 65 00 20 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 61 00 00 00 18 00 DC 00 00 00 02 00 00 00 6A 00 31 00 00 00 00 00 34 40 00 7A 11 00 44 4F 43 55 4D 45 7E 32 00 00 2C 00 03 00 04 00 EF BE 53 3C 51 97 61 40 3D 94 14 00 00 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 6F 00 73 00 00 00 18 00 26 00 00 00 06 00 EF BE 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 64 00 6F 00 72 00 00 00 18 00 02 00 00 00 3A 00 00 00 5C 00 31 00 00 00 00 00 53 3C CD 92 10 00 44 4F 43 55 4D 45 7E 31 00 00 44 00 03 00 04 00 EF BE 53 3C 09 61 61 40 00 94 14 00 00 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 00 00 18 00 DC 00 00 00 3A 00 00 00 40 00 31 00 00 00 00 00 76 3E F9 A3 10 00 69 44 45 46 45 4E 53 45 00 00 28 00 03 00 04 00 EF BE 76 3E F2 A3 61 40 61 94 14 00 00 00 69 00 44 00 45 00 46 00 45 00 4E 00 53 00 45 00 00 00 18 00 DC 00 00 00 FA 01 00 00 30 00 31 00 00 00 00 00 2D 40 2A 7C 10 00 6F 70 74 00 1E 00 03 00 04 00 EF BE 2D 40 2A 7C 37 40 04 9E 14 00 00 00 6F 00 70 00 74 00 00 00 12 00 02 00 00 00 72 00 00 00 40 00 31 00 00 00 00 00 53 3C 12 94 16 00 52 45 43 59 43 4C 45 52 00 00 28 00 03 00 04 00 EF BE 53 3C 12 94 61 40 61 94 14 00 00 00 52 00 45 00 43 00 59 00 43 00 4C 00 45 00 52 00 00 00 18 00 02 00 00 00 32 02 00 00 36 00 31 00 00 00 00 00 38 40 7C 7E 10 00 72 65 70 6F 73 00 22 00 03 00 04 00 EF BE 37 40 74 9E 61 40 F8 94 14 00 00 00 72 00 65 00 70 00 6F 00 73 00 00 00 14 00 DC 00 00 00 C2 01 00 00 36 00 31 00 00 00 00 00 34 40 B3 A9 10 00 53 49 4D 4D 56 00 22 00 03 00 04 00 EF BE 2C 40 14 7F 61 40 61 94 14 00 00 00 53 00 49 00 4D 00 4D 00 56 00 00 00 14 00 DC 00 00 00 72 00 00 00 62 00 31 00 00 00 00 00 53 3C C7 92 16 00 53 59 53 54 45 4D 7E 31 00 00 4A 00 03 00 04 00 EF BE 53 3C 09 61 61 40 61 94 14 00 00 00 53 00 79 00 73 00 74 00 65 00 6D 00 20 00 56 00 6F 00 6C 00 75 00 6D 00 65 00 20 00 49 00 6E 00 66 00 6F 00 72 00 6D 00 61 00 74 00 69 00 6F 00 6E 00 00 00 18 00 02 00 00 00 AA 00 00 00 3C 00 31 00 00 00 00 00 61 40 CC 94 10 00 57 49 4E 44 4F 57 53 00 26 00 03 00 04 00 EF BE 53 3C 71 68 61 40 CC 94 14 00 00 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 00 00 16 00 DC 00 00 00 AA 00 00 00 4C 00 32 00 00 00 00 00 53 3C 53 92 26 00 41 55 54 4F 45 58 45 43 2E 42 41 54 00 00 30 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 41 00 55 00 54 00 4F 00 45 00 58 00 45 00 43 00 2E 00 42 00 41 00 54 00 00 00 1C 00 02 00 00 00 E2 00 00 00 40 00 32 00 D3 00 00 00 53 3C 79 91 06 00 62 6F 6F 74 2E 69 6E 69 00 00 28 00 03 00 04 00 EF BE 53 3C 00 69 61 40 F9 93 14 00 00 00 62 00 6F 00 6F 00 74 00 2E 00 69 00 6E 00 69 00 00 00 18 00 DC 00 00 00 E2 00 00 00 4C 00 32 00 58 13 00 00 18 2B 00 50 27 00 42 6F 6F 74 66 6F 6E 74 2E 62 69 6E 00 00 30 00 03 00 04 00 EF BE 18 2B 00 50 53 3C B0 68 14 00 00 00 42 00 6F 00 6F 00 74 00 66 00 6F 00 6E 00 74 00 2E 00 62 00 69 00 6E 00 00 00 1C 00 02 00 00 00 1A 01 00 00 46 00 32 00 00 00 00 00 53 3C 53 92 26 00 43 4F 4E 46 49 47 2E 53 59 53 00 00 2C 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 43 00 4F 00 4E 00 46 00 49 00 47 00 2E 00 53 00 59 00 53 00 00 00 1A 00 DC 00 00 00 1A 01 00 00 3A 00 32 00 00 00 00 00 53 3C 53 92 27 00 49 4F 2E 53 59 53 00 00 24 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 49 00 4F 00 2E 00 53 00 59 00 53 00 00 00 16 00 02 00 00 00 52 01 00 00 3C 00 32 00 78 07 00 00 81 3E E4 AD 20 00 6C 6F 67 2E 74 78 74 00 26 00 03 00 04 00 EF BE 77 3E E2 00 81 3E E4 AD 14 00 00 00 6C 00 6F 00 67 00 2E 00 74 00 78 00 74 00 00 00 16 00 DC 00 00 00 52 01 00 00 42 00 32 00 00 00 00 00 53 3C 53 92 27 00 4D 53 44 4F 53 2E 53 59 53 00 2A 00 03 00 04 00 EF BE 53 3C 53 92 53 3C 53 92 14 00 00 00 4D 00 53 00 44 00 4F 00 53 00 2E 00 53 00 59 00 53 00 00 00 18 00 02 00 00 00 8A 01 00 00 4C 00 32 00 CC B9 00 00 04 31 D1 1C 27 00 4E 54 44 45 54 45 43 54 2E 43 4F 4D 00 00 30 00 03 00 04 00 EF BE 04 31 D1 1C 53 3C FA 68 14 00 00 00 4E 00 54 00 44 00 45 00 54 00 45 00 43 00 54 00 2E 00 43 00 4F 00 4D 00 00 00 1C 00 DC 00 00 00 8A 01 00 00 36 00 32 00 20 D5 03 00 55 3C 66 8A 27 00 6E 74 6C 64 72 00 22 00 03 00 04 00 EF BE 04 31 75 1F 77 3E D0 01 14 00 00 00 6E 00 74 00 6C 00 64 00 72 00 00 00 14 00 02 00 00 00 C2 01 00 00 4C 00 32 00 00 00 00 60 50 40 40 93 26 00 70 61 67 65 66 69 6C 65 2E 73 79 73 00 00 30 00 03 00 04 00 EF BE 53 3C 71 68 50 40 40 93 14 00 00 00 70 00 61 00 67 00 65 00 66 00 69 00 6C 00 65 00 2E 00 73 00 79 00 73 00 00 00 1C 00 02 00 00 00 C2 01 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WFlags: 0x00000002
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\ShowCmd: 0x00000003
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\MinPos1040x783(1).x: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\MinPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\MinPos1040x783(1).y: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\MinPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).left: 0x0000002C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).left: 0x00000022
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).top: 0x0000003A
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).top: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).right: 0x0000034C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).right: 0x00000342
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).bottom: 0x00000292
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\WinPos1040x783(1).bottom: 0x00000258
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\ScrollPos1040x783(1).y: 0x0000041D
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\52\Shell\ScrollPos1040x783(1).y: 0x00000003
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WFlags: 0x00000002
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\ShowCmd: 0x00000003
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 05 00 24 00 10 00 2E 00 46 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 78 00 96 00 60 00 60 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 05 00 00 00 FF FF FF FF CF F3 A8 B0 33 43 AB 4B 88 73 1C CB 1C AD A4 8B 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 05 00 24 00 10 00 00 00 2E 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 78 00 96 00 60 00 60 00 78 00 CF F3 A8 B0 33 43 AB 4B 88 73 1C CB 1C AD A4 8B 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\MinPos1040x783(1).x: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\MinPos1040x783(1).x: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\MinPos1040x783(1).y: 0xFFFF8300
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\MinPos1040x783(1).y: 0xFFFFFFFF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).left: 0x00000049
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).left: 0x00000022
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).top: 0x00000057
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).top: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).right: 0x00000369
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).right: 0x00000342
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).bottom: 0x000002AF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\6\Shell\WinPos1040x783(1).bottom: 0x00000258
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\ScrollPos1040x783(1).y: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\ScrollPos1040x783(1).y: 0x000025F6
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 28 00 3C 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).left: 0x0000002C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).left: 0x00000005
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).top: 0x0000003A
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).top: 0x00000097
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).right: 0x0000034C
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).right: 0x0000032D
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).bottom: 0x00000292
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WinPos1040x783(1).bottom: 0x000002EF
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WFlags: 0x00000002
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\WFlags: 0x00000000
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\ShowCmd: 0x00000003
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\76\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 28 00 3C 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 00 00 28 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\Preferences: 9C 02 00 00 E8 03 00 00 02 00 00 00 01 00 00 00 01 00 00 00 0A 00 00 00 0A 00 00 00 9E 01 00 00 D1 01 00 00 00 00 00 00 00 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 93 00 00 00 6B 00 00 00 23 00 00 00 46 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-2000478354-839522115-725345543-500\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\Preferences: 9C 02 00 00 E8 03 00 00 02 00 00 00 01 00 00 00 01 00 00 00 0A 00 00 00 0A 00 00 00 9E 01 00 00 D1 01 00 00 01 00 00 00 00 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 06 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 93 00 00 00 6B 00 00 00 23 00 00 00 46 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

----------------------------------
Files added:10
----------------------------------
C:\WINDOWS\Prefetch\2CC1B2CCA8D07B55144141625AEA3-01CBCCFC.pf
C:\WINDOWS\Prefetch\DUMPCAP.EXE-11A2530B.pf
C:\WINDOWS\Prefetch\HIEW32DEMO.EXE-11971134.pf
C:\WINDOWS\Prefetch\IEXPLORE.EXE-07A56490.pf
C:\WINDOWS\Prefetch\WIRESHARK.EXE-131E0371.pf
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb000A7.log
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb000A8.log
C:\WINDOWS\system32\CatRoot2\tmp.edb
C:\WINDOWS\system32\misys
C:\WINDOWS\system32\misys.exe

----------------------------------
Files deleted:3
----------------------------------
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb000A6.log
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb

----------------------------------
Files [attributes?] modified:24
----------------------------------
C:\WINDOWS\inf\apps.PNF
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
C:\WINDOWS\Prefetch\REGSHOT.EXE-13C983B5.pf
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab
C:\WINDOWS\system.ini
C:\WINDOWS\system32\CatRoot2\edb.chk
C:\WINDOWS\system32\CatRoot2\edb.log
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
C:\WINDOWS\system32\config\SAM.LOG
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system.LOG
C:\WINDOWS\system32\wbem\Logs\wbemcore.log
C:\WINDOWS\WindowsUpdate.log

----------------------------------
Folders added:1
----------------------------------
C:\WINDOWS\PIF

----------------------------------
Total changes:320
----------------------------------