Regshot 1.8.3-beta1V5
Comments:
Datetime:2012/8/23 18:40:04  ,  2012/8/23 19:37:51
Computer:UHA-68F2DDBE516 , UHA-68F2DDBE516
Username:Administrador , Administrador

----------------------------------
Keys deleted:248
----------------------------------
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Base
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot Bus Extender
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot file system
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CryptSvc
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\DcomLaunch
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmadmin
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmboot.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmio.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmload.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmserver
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\File system
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Filter
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\HelpSvc
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Netlogon
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PCI Configuration
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PlugPlay
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PNP Filter
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Primary disk
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\RpcSs
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SCSI Class
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sermouse.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sr.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SRService
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\System Bus Extender
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vga.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vgasave.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinMgmt
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\AFD
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\AppMgmt
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Base
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot Bus Extender
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot file system
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Browser
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\CryptSvc
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\DcomLaunch
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Dhcp
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmadmin
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmboot.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmio.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmload.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmserver
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\DnsCache
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\EventLog
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\File system
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Filter
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\HelpSvc
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\ip6fw.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\ipnat.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanServer
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanWorkstation
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\LmHosts
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Messenger
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS Wrapper
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Ndisuio
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOS
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOSGroup
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBT
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetDDEGroup
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Netlogon
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetMan
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Network
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetworkProvider
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NtLmSsp
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PCI Configuration
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PlugPlay
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP Filter
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP_TDI
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Primary disk
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpcdd.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpdd.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpwd.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdsessmgr
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\RpcSs
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\SCSI Class
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sermouse.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\SharedAccess
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sr.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\SRService
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Streams Drivers
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\System Bus Extender
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Tcpip
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDI
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdpipe.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdtcp.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\termservice
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\vga.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\vgasave.sys
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\WinMgmt
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\WZCSVC
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

----------------------------------
Keys added:23
----------------------------------
HKLM\SOFTWARE\Microsoft\RFC1156Agent
HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion
HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Security
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Enum
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Security
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\3
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\0\1
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\42
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\42\Shell
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\43
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\43\Shell
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\RAS Phonebook

----------------------------------
Values deleted:246
----------------------------------
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell: "cmd.exe"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\: "Human Interface Devices"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\: "Volume"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}\: "Floppy disk drive"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}\: "System"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}\: "SCSIAdapter"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}\: "PCMCIA Adapters"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}\: "Mouse"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}\: "Keyboard"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}\: "Hdc"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}\: "Standard floppy disk controller"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}\: "DiskDrive"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}\: "CD-ROM Drive"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}\: "Universal Serial Bus controllers"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinMgmt\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vgasave.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vga.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\System Bus Extender\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SRService\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sr.sys\: "FSFilter System Recovery"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sermouse.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SCSI Class\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\RpcSs\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Primary disk\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PNP Filter\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PlugPlay\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PCI Configuration\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Netlogon\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\HelpSvc\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Filter\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\File system\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmserver\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmload.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmio.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmboot.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmadmin\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\DcomLaunch\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CryptSvc\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot file system\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot Bus Extender\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Base\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\: "Human Interface Devices"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\: "Volume"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}\: "Floppy disk drive"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}\: "System"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}\: "SCSIAdapter"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}\: "PCMCIA Adapters"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\: "NetTrans"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\: "NetService"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\: "NetClient"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\: "Net"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}\: "Mouse"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}\: "Keyboard"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}\: "Hdc"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}\: "Standard floppy disk controller"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}\: "DiskDrive"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}\: "CD-ROM Drive"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}\: "Universal Serial Bus controllers"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\WZCSVC\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\WinMgmt\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\vgasave.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\vga.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\termservice\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdtcp.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdpipe.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDI\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Tcpip\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\System Bus Extender\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Streams Drivers\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\SRService\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sr.sys\: "FSFilter System Recovery"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\SharedAccess\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sermouse.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\SCSI Class\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\RpcSs\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdsessmgr\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpwd.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpdd.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpcdd.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Primary disk\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP_TDI\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP Filter\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PlugPlay\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\PCI Configuration\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NtLmSsp\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetworkProvider\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Network\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetMan\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Netlogon\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetDDEGroup\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBT\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOSGroup\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOS\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Ndisuio\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS Wrapper\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Messenger\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\LmHosts\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanWorkstation\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanServer\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\ipnat.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\ip6fw.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\HelpSvc\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Filter\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\File system\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\EventLog\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\DnsCache\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmserver\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmload.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmio.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmboot.sys\: "Driver"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmadmin\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Dhcp\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\DcomLaunch\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\CryptSvc\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Browser\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot file system\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot Bus Extender\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Base\: "Driver Group"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\AppMgmt\: "Service"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\AFD\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell: "cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\: "Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\: "Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}\: "Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}\: "System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}\: "SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}\: "PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}\: "Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}\: "Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}\: "Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}\: "Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}\: "DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}\: "CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}\: "Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys\: "FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\: "Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\: "Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}\: "Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}\: "System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}\: "SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}\: "PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\: "NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\: "NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\: "NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\: "Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}\: "Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}\: "Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}\: "Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}\: "Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}\: "DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}\: "CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}\: "Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys\: "FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys\: "Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base\: "Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt\: "Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD\: "Service"

----------------------------------
Values added:130
----------------------------------
HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs: 0x00003A98
HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{592EF604-1449-41AA-9D00-3A1F262B0400}\Connection\ShowIcon: 0x00000000
HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{592EF604-1449-41AA-9D00-3A1F262B0400}\Connection\IpCheckingEnabled: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control\ActiveService: "Micorsoft Windows Service"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Service: "Micorsoft Windows Service"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Legacy: 0x00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Class: "LegacyDriver"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\DeviceDesc: "Micorsoft Windows Service"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableICMPRedirect: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableSecurityFilters: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Enum\0: "Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000"
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\Start: 0x00000004
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\ErrorControl: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\ImagePath: "\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\epvbgppd.sys"
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\DisplayName: "Micorsoft Windows Service"
HKLM\SYSTEM\ControlSet001\Services\Micorsoft Windows Service\DeleteFlag: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{592EF604-1449-41AA-9D00-3A1F262B0400}\Connection\ShowIcon: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{592EF604-1449-41AA-9D00-3A1F262B0400}\Connection\IpCheckingEnabled: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Control\ActiveService: "Micorsoft Windows Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Service: "Micorsoft Windows Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000\DeviceDesc: "Micorsoft Windows Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum\0: "Root\LEGACY_MICORSOFT_WINDOWS_SERVICE\0000"
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Start: 0x00000004
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\ImagePath: "\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\epvbgppd.sys"
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\DisplayName: "Micorsoft Windows Service"
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\DeleteFlag: 0x00000001
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\f: 52 00 65 00 73 00 48 00 61 00 63 00 6B 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 64 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 6F 00 73 00 5C 00 53 00 61 00 6D 00 70 00 6C 00 65 00 73 00 5C 00 52 00 61 00 6D 00 6E 00 69 00 74 00 20 00 52 00 6F 00 6F 00 74 00 6B 00 69 00 74 00 20 00 28 00 32 00 30 00 31 00 32 00 29 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\g: "C:\documentos\Samples\Ramnit Rootkit (2012)\Ramnit.exe"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\d: "C:\documentos\Samples\Ramnit Rootkit (2012)\Ramnit.exe"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\b: "rundll32.exe C:\documentos\Samples\Flamer\advnetcfg.ocx,DDEnumCallback\1"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\c: "rundll32.exe C:/documentos/Samples/Flamer/advnetcfg.ocx,DDEnumCallback\1"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jverfunex.yax: 01 00 00 00 07 00 00 00 20 77 F5 61 61 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Nepuvibf qr cebtenzn\Jverfunex\jverfunex.rkr: 01 00 00 00 07 00 00 00 20 06 F3 61 61 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\qbphzragbf\Fnzcyrf\Enzavg Ebbgxvg (2012)\Enzavg.rkr: 01 00 00 00 06 00 00 00 70 41 51 46 66 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Run\WbuTgswq: "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\oudhvpna\wbutgswq.exe"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{7007ACC7-3202-11D1-AAD2-00805FC1270E} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4} 0x401: 00 00 00 00 37 00 33 00 62 DB E8 BB 5E 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{7007ACC7-3202-11D1-AAD2-00805FC1270E} {000214E6-0000-0000-C000-000000000046} 0x401: 01 00 00 00 37 00 33 00 6A 8A 18 BC 5E 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\3: 5A 00 31 00 00 00 00 00 17 41 80 95 10 00 52 41 4D 4E 49 54 7E 31 00 00 42 00 03 00 04 00 EF BE 17 41 7D 95 17 41 80 95 14 00 00 00 52 00 61 00 6D 00 6E 00 69 00 74 00 20 00 52 00 6F 00 6F 00 74 00 6B 00 69 00 74 00 20 00 28 00 32 00 30 00 31 00 32 00 29 00 00 00 18 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\3\NodeSlot: 0x0000002A
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\3\MRUListEx: FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\0\1: 46 00 31 00 00 00 00 00 17 41 36 93 10 00 50 45 45 58 50 4C 7E 31 00 00 2E 00 03 00 04 00 EF BE 17 41 35 93 17 41 36 93 14 00 00 00 50 00 45 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 00 00 18 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\0\1\NodeSlot: 0x0000002B
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\0\1\MRUListEx: FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\MinPos800x600(1).x: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\MinPos800x600(1).y: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\MaxPos800x600(1).x: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\MaxPos800x600(1).y: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\WinPos800x600(1).left: 0x00000058
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\WinPos800x600(1).top: 0x00000074
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\WinPos800x600(1).right: 0x000002B0
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\WinPos800x600(1).bottom: 0x00000208
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\ScrollPos800x600(1).x: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\ScrollPos800x600(1).y: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\MinPos800x600(1).x: 0xFFFF8300
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\MinPos800x600(1).y: 0xFFFF8300
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\MaxPos800x600(1).x: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\MaxPos800x600(1).y: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\WinPos800x600(1).left: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\WinPos800x600(1).top: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\WinPos800x600(1).right: 0x00000320
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\WinPos800x600(1).bottom: 0x0000023A
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Rev: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\WFlags: 0x00000002
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\ShowCmd: 0x00000003
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\FFlags: 0x00000001
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\HotKey: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Buttons: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Links: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Address: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Mode: 0x00000006
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\ScrollPos800x600(1).x: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\ScrollPos800x600(1).y: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Sort: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\SortDir: 0x00000001
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\Col: 0xFFFFFFFF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\41\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\ItemPos800x600(1): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 4E 00 31 00 00 00 00 00 17 41 E0 91 10 00 50 52 4F 43 45 53 7E 31 00 00 36 00 03 00 04 00 EF BE 17 41 E0 91 17 41 E0 91 14 00 00 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 00 00 18 00 DC 00 00 00 02 00 00 00 8A 00 31 00 00 00 00 00 17 41 60 91 10 00 56 35 5F 52 45 47 7E 31 2E 33 5F 42 00 00 6E 00 03 00 04 00 EF BE 17 41 60 91 17 41 60 91 14 00 00 00 76 00 35 00 5F 00 72 00 65 00 67 00 73 00 68 00 6F 00 74 00 5F 00 31 00 2E 00 38 00 2E 00 33 00 5F 00 62 00 65 00 74 00 61 00 31 00 5F 00 77 00 69 00 6E 00 33 00 32 00 5F 00 78 00 36 00 34 00 5F 00 73 00 72 00 63 00 5F 00 62 00 69 00 6E 00 5F 00 76 00 35 00 00 00 1C 00 02 00 00 00 3A 00 00 00 4C 00 32 00 B1 77 09 00 79 3E CF AD 20 00 41 75 74 6F 72 75 6E 73 2E 7A 69 70 00 00 30 00 03 00 04 00 EF BE E6 40 4E 7D 0D 41 50 1E 14 00 00 00 41 00 75 00 74 00 6F 00 72 00 75 00 6E 00 73 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 3A 00 00 00 96 00 32 00 EB E9 07 00 79 3E 29 AE 20 00 42 49 4E 5F 4C 4F 7E 31 2E 5A 49 50 00 00 7A 00 03 00 04 00 EF BE E6 40 4E 7D 0D 41 65 22 14 00 00 00 42 00 69 00 6E 00 5F 00 4C 00 6F 00 72 00 64 00 50 00 45 00 5F 00 32 00 30 00 31 00 30 00 2D 00 36 00 2D 00 32 00 39 00 5F 00 33 00 2E 00 39 00 5F 00 4C 00 6F 00 72 00 64 00 50 00 45 00 5F 00 31 00 2E 00 34 00 31 00 5F 00 44 00 65 00 6C 00 75 00 78 00 65 00 5F 00 62 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 72 00 00 00 50 00 32 00 B9 40 00 00 E6 40 BD 7E 20 00 42 49 4E 54 45 58 7E 31 2E 5A 49 50 00 00 34 00 03 00 04 00 EF BE E6 40 2F 7F 0D 41 3D 1F 14 00 00 00 62 00 69 00 6E 00 74 00 65 00 78 00 74 00 33 00 30 00 33 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 72 00 00 00 6A 00 32 00 92 E9 29 00 79 3E F8 AC 20 00 42 55 53 54 45 52 7E 31 2E 52 41 52 00 00 4E 00 03 00 04 00 EF BE E6 40 4E 7D 0D 41 0A 20 14 00 00 00 42 00 75 00 73 00 74 00 65 00 72 00 20 00 53 00 61 00 6E 00 64 00 62 00 6F 00 78 00 20 00 41 00 6E 00 61 00 6C 00 79 00 7A 00 65 00 72 00 2E 00 72 00 61 00 72 00 00 00 1C 00 02 00 00 00 AA 00 00 00 72 00 32 00 0D 03 07 00 E4 40 A1 25 20 00 43 41 50 54 55 52 7E 31 2E 45 58 45 00 00 56 00 03 00 04 00 EF BE E6 40 4E 7D 17 41 5B 91 14 00 00 00 43 00 61 00 70 00 74 00 75 00 72 00 65 00 42 00 41 00 54 00 2D 00 53 00 65 00 74 00 75 00 70 00 2D 00 32 00 2E 00 30 00 2E 00 30 00 2D 00 35 00 35 00 37 00 34 00 2E 00 65 00 78 00 65 00 00 00 1C 00 DC 00 00 00 AA 00 00 00 42 00 32 00 F3 E1 00 00 E6 40 2E 7E 20 00 66 70 6F 72 74 2E 7A 69 70 00 2A 00 03 00 04 00 EF BE E6 40 3A 7E E6 40 3A 7E 14 00 00 00 66 00 70 00 6F 00 72 00 74 00 2E 00 7A 00 69 00 70 00 00 00 18 00 02 00 00 00 E2 00 00 00 5A 00 32 00 28 15 3A 00 E6 40 F9 23 20 00 48 4F 4F 4B 41 4E 7E 31 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE E6 40 4E 7D 0D 41 7D 1F 14 00 00 00 48 00 6F 00 6F 00 6B 00 41 00 6E 00 61 00 6C 00 79 00 73 00 65 00 72 00 32 00 2E 00 30 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 E2 00 00 00 52 00 32 00 1C DB 06 00 55 37 18 35 20 00 4C 50 45 2D 44 4C 7E 31 2E 5A 49 50 00 00 36 00 03 00 04 00 EF BE 0D 41 73 22 0D 41 75 22 14 00 00 00 4C 00 50 00 45 00 2D 00 44 00 4C 00 58 00 5F 00 31 00 2E 00 34 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 1A 01 00 00 5E 00 32 00 41 3C 01 00 55 37 1A 35 20 00 4C 50 45 2D 44 4C 7E 32 2E 5A 49 50 00 00 42 00 03 00 04 00 EF BE 0D 41 73 22 0D 41 73 22 14 00 00 00 4C 00 50 00 45 00 2D 00 44 00 4C 00 58 00 62 00 5F 00 31 00 2E 00 34 00 31 00 5F 00 55 00 50 00 44 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 52 01 00 00 64 00 32 00 CD 0B 3C 00 E6 40 8A 24 20 00 4D 41 4C 57 41 52 7E 31 2E 5A 49 50 00 00 48 00 03 00 04 00 EF BE E6 40 4E 7D 0D 41 96 22 14 00 00 00 6D 00 61 00 6C 00 77 00 61 00 72 00 65 00 5F 00 61 00 6E 00 61 00 6C 00 79 00 73 00 65 00 72 00 2D 00 33 00 2E 00 33 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 52 01 00 00 52 00 32 00 71 2E 07 00 E6 40 A3 1B 20 00 4F 53 50 59 2D 31 7E 31 2E 5A 49 50 00 00 36 00 03 00 04 00 EF BE E6 40 4F 7D 0D 41 FD 1E 14 00 00 00 6F 00 53 00 70 00 79 00 2D 00 31 00 2E 00 31 00 30 00 2E 00 34 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 8A 01 00 00 5A 00 32 00 E3 78 11 00 E4 40 13 26 20 00 50 52 4F 43 45 53 7E 31 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE E6 40 4F 7D 17 41 DD 91 14 00 00 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 8A 01 00 00 6C 00 32 00 99 F0 1A 00 E4 40 40 26 20 00 50 52 4F 43 45 53 7E 31 2E 45 58 45 00 00 50 00 03 00 04 00 EF BE E6 40 4F 7D 17 41 5B 91 14 00 00 00 70 00 72 00 6F 00 63 00 65 00 73 00 73 00 68 00 61 00 63 00 6B 00 65 00 72 00 2D 00 32 00 2E 00 32 00 37 00 2D 00 73 00 65 00 74 00 75 00 70 00 2E 00 65 00 78 00 65 00 00 00 1C 00 02 00 00 00 C2 01 00 00 58 00 32 00 00 D3 10 00 E4 40 7C 25 20 00 50 52 4F 43 45 53 7E 32 2E 5A 49 50 00 00 3C 00 03 00 04 00 EF BE E6 40 4F 7D 0D 41 1A 1F 14 00 00 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 4D 00 6F 00 6E 00 69 00 74 00 6F 00 72 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 C2 01 00 00 5A 00 32 00 D6 6A 0B 00 E6 40 48 77 20 00 52 45 53 4F 55 52 7E 31 2E 45 58 45 00 00 3E 00 03 00 04 00 EF BE E6 40 4F 7D 17 41 5B 91 14 00 00 00 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 20 00 48 00 61 00 63 00 6B 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00 1C 00 02 00 00 00 FA 01 00 00 48 00 32 00 16 73 04 00 E6 40 D2 1B 20 00 54 43 50 56 69 65 77 2E 7A 69 70 00 2E 00 03 00 04 00 EF BE E6 40 4F 7D 0D 41 29 20 14 00 00 00 54 00 43 00 50 00 56 00 69 00 65 00 77 00 2E 00 7A 00 69 00 70 00 00 00 1A 00 DC 00 00 00 FA 01 00 00 92 00 32 00 D5 D5 03 00 E4 40 8D 26 20 00 56 35 5F 52 45 47 7E 31 2E 5A 49 50 00 00 76 00 03 00 04 00 EF BE E6 40 4F 7D 17 41 5D 91 14 00 00 00 76 00 35 00 5F 00 72 00 65 00 67 00 73 00 68 00 6F 00 74 00 5F 00 31 00 2E 00 38 00 2E 00 33 00 5F 00 62 00 65 00 74 00 61 00 31 00 5F 00 77 00 69 00 6E 00 33 00 32 00 5F 00 78 00 36 00 34 00 5F 00 73 00 72 00 63 00 5F 00 62 00 69 00 6E 00 5F 00 76 00 35 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 1A 01 00 00 5E 00 32 00 38 31 3A 00 17 41 18 93 20 00 50 45 45 58 50 4C 7E 31 2E 45 58 45 00 00 42 00 03 00 04 00 EF BE 17 41 27 93 17 41 27 93 14 00 00 00 50 00 45 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 5F 00 73 00 65 00 74 00 75 00 70 00 2E 00 65 00 78 00 65 00 00 00 1C 00 02 00 00 00 1A 01 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\42\Shell\FolderType: "Documents"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\43\Shell\FolderType: "Documents"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-32517: "Barra de tareas y menú Inicio"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22985: "Opciones de carpeta"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22981: "Fuentes"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-22982: "Herramientas administrativas"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\mstask.dll,-3408: "Tareas programadas"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\wiashext.dll,-331: "Escáneres y cámaras"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1201: "Se conecta a otros equipos, redes e Internet."
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1501: "Tareas de red"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1585: "Crear una conexión nueva"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1520: "Configurar una red doméstica o para pequeña oficina"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@xpsp2res.dll,-150: "Cambiar configuración de Firewall de Windows"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1503: "Vea también"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1525: "Solucionador de problemas de red"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1570: "Deshabilitar este dispositivo de red"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1540: "Reparar esta conexión"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1550: "Cambiar el nombre de esta conexión"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1555: "Ver el estado de este conexión"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netshell.dll,-1575: "Cambiar la configuración de esta conexión"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netcfgx.dll,-50002: "Permite a su equipo tener acceso a los recursos de una red Microsoft."
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netcfgx.dll,-50003: "Permite a otros equipos tener acceso a los recursos de su equipo utilizando una red Microsoft."
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netcfgx.dll,-50015: "Programador de paquetes de calidad de servicio. Este componente ofrece control del tráfico de la red, incluidos servicios de índice de flujo y prioritarización."
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@netcfgx.dll,-50001: "Protocolo TCP/IP. El protocolo de red de área extensa predeterminado que permite la comunicación entre varias redes conectadas entre sí."
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Archivos de programa\Wireshark\wireshark.exe: "Wireshark"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31375: "Hace que la carpeta seleccionada esté disponible para otros equipos en la red de manera que otras personas puedan verla."
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31237: "Crea una nueva carpeta vacía en la carpeta que ha abierto."
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\documentos\Samples\Ramnit Rootkit (2012)\Ramnit.exe: "Ramnit"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ogsoiuvwubyfekkt.exe: "ogsoiuvwubyfekkt"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\taskmgr.exe: "Administrador de tareas de Windows"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\cmd.exe: "Procesador de comandos de Windows"

----------------------------------
Values modified:77
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A3 18 95 BC AA AB 41 E7 9C E6 05 C9 E2 40 CC 0D AD 77 D5 A9 DC F6 A1 EA 84 EA 1F 0F 86 17 25 6B 73 EC 2C C4 CF 25 D3 4B 5D CD 90 D4 06 15 E7 D6 64 28 F8 75 B4 13 F9 D5 18 9A 13 09 32 14 8C 6D F5 19 EB 8F E3 96 B5 BD 79 30 99 04 C9 21 16 7B
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: FA 00 67 5D 3B 26 9E 3C D5 50 11 CC 7D 3E 35 FD 7B FA 6D 54 CB 3B 48 A4 1E 71 AA F8 26 9A CB D4 FC 67 86 BF A7 8F 89 A8 1A 80 71 FE 3D 6B 13 23 08 D4 B5 E0 8C 13 7F C2 AA F4 66 3A 6C 07 6E 5A F3 69 06 89 52 A2 1F 5B AD 02 8E 4F 72 25 7C BD
HKLM\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\LcnStartLocation: 36 35 35 32 32 38 33 00 00 00 00 00 00 00 3F 20 3F 61 01 00 00 00 3F 65 3F 00 3F 41 33 00 3F 61 3F 61 3F FD 3F 18 07 00 3F 3F 3F FD 00 14 3F FD 3F 61 3F 41 00 00 00 00 3F 01 3F 3F 00 14 3F FD 3F 3F 3F 3F 3F 14 48 CC 3D 3F 3D 3F 3F FD 3F 3F 3F 3F 00 00 32 3F 08 00 48 CC 48 CC 3F FD 3F 19 3F FD 58 75
HKLM\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\LcnStartLocation: 36 36 34 34 39 31 36 00 00 00 00 00 00 00 3F 55 3F 61 01 00 00 00 3F 66 3F 00 3F 41 33 00 3F 61 3F 61 3F FD 3F 18 3F 00 3F 3F 3F FD 00 14 3F FD 3F 61 3F 41 00 00 00 00 3F 01 3F 3F 00 14 3F FD 3F 3F 3F 3F 3F 14 48 CC 3D 3F 3D 3F 3F FD 3F 3F 3F 3F 00 00 32 3F 3F 00 48 CC 48 CC 3F FD 3F 19 3F FD 00 00
HKLM\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\LcnEndLocation: 36 36 32 36 34 36 31 00 00 00 00 00 00 00 3F 20 3F 61 01 00 00 00 3F 65 3F 00 3F 41 33 00 3F 61 3F 61 3F FD 3F 18 07 00 3F 3F 3F FD 00 14 3F FD 3F 61 3F 41 00 00 00 00 3F 01 3F 3F 00 14 3F FD 3F 3F 3F 3F 3F 14 48 CC 3D 3F 3D 3F 3F FD 3F 3F 3F 3F 00 00 32 3F 08 00 48 CC 48 CC 3F FD 3F 19 3F FD 58 75
HKLM\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\LcnEndLocation: 36 37 33 33 37 36 33 00 00 00 00 00 00 00 3F 55 3F 61 01 00 00 00 3F 66 3F 00 3F 41 33 00 3F 61 3F 61 3F FD 3F 18 3F 00 3F 3F 3F FD 00 14 3F FD 3F 61 3F 41 00 00 00 00 3F 01 3F 3F 00 14 3F FD 3F 3F 3F 3F 3F 14 48 CC 3D 3F 3D 3F 3F FD 3F 3F 3F 3F 00 00 32 3F 3F 00 48 CC 48 CC 3F FD 3F 19 3F FD 00 00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0x1E2D2D6C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0x7C1C687A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01CD8157
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01CD8166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0x1E31F220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0x7C1C687A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01CD8157
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-616249376-1177238915-500\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01CD8166
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x0000004D
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x00000060
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x0000001A
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x0000001D
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\LastDiskLayoutTime: 98 6B EF 01 E1 78 CD 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\LastDiskLayoutTime: 7A C6 65 9B 63 81 CD 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\LastDiskLayoutTimeString: "2012/08/12-18:20:05"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\LastDiskLayoutTimeString: "2012/08/23-14:15:07"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Administrador\Configuración local\Datos de programa\oudhvpna\wbutgswq.exe"
HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations: 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 46 46 20 45 78 70 6C 6F 72 65 72 53 75 69 74 65 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 6F 6D 62 6F 46 69 78 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 44 65 70 65 6E 64 65 6E 63 79 20 57 61 6C 6B 65 72 5F 32 32 5F 78 38 36 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 48 69 6A 61 63 6B 54 68 69 73 2E 6D 73 69 2E 74 78 74 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 4B 65 72 6E 65 6C 20 44 65 74 65 63 74 69 76 65 20 76 31 2E 34 2E 31 2E 72 61 72 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 00 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 00 5C 3F 3F 5C 43 3A 5C 74 65 73 74 30 31 32 33 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 20 32 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 50 45 2E 45 78 70 6C 6F 72 65 72 5F 73 65 74 75 70 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 00 00 00
HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations: 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 46 46 20 45 78 70 6C 6F 72 65 72 53 75 69 74 65 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 6F 6D 62 6F 46 69 78 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 44 65 70 65 6E 64 65 6E 63 79 20 57 61 6C 6B 65 72 5F 32 32 5F 78 38 36 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 48 69 6A 61 63 6B 54 68 69 73 2E 6D 73 69 2E 74 78 74 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 4B 65 72 6E 65 6C 20 44 65 74 65 63 74 69 76 65 20 76 31 2E 34 2E 31 2E 72 61 72 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 00 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 00 5C 3F 3F 5C 43 3A 5C 74 65 73 74 30 31 32 33 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 20 32 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 50 45 2E 45 78 70 6C 6F 72 65 72 5F 73 65 74 75 70 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 63 39 36 37 31 62 63 37 5C 52 61 6D 6E 69 74 20 52 6F 6F 74 6B 69 74 20 28 32 30 31 32 29 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 63 39 36 37 31 62 63 37 5C 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 5D 7F 36 50 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 5D 7F 36 50 05 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 B3 8A 36 50 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 B3 8A 36 50 05 00 00 00
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x00000034
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x00000038
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\NameServer: ""
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\NameServer: "192.168.224.129"
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x50367855
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x503683AB
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x50367BD9
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x5036872F
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x50367E7C
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x503689D2
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x50367F5D
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x50368AB3
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x50367855
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x503683AB
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x50367BD9
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x5036872F
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x50367E7C
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x503689D2
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x50367F5D
HKLM\SYSTEM\ControlSet001\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x50368AB3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations: 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 46 46 20 45 78 70 6C 6F 72 65 72 53 75 69 74 65 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 6F 6D 62 6F 46 69 78 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 44 65 70 65 6E 64 65 6E 63 79 20 57 61 6C 6B 65 72 5F 32 32 5F 78 38 36 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 48 69 6A 61 63 6B 54 68 69 73 2E 6D 73 69 2E 74 78 74 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 4B 65 72 6E 65 6C 20 44 65 74 65 63 74 69 76 65 20 76 31 2E 34 2E 31 2E 72 61 72 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 00 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 00 5C 3F 3F 5C 43 3A 5C 74 65 73 74 30 31 32 33 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 20 32 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 50 45 2E 45 78 70 6C 6F 72 65 72 5F 73 65 74 75 70 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 00 00 00
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations: 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 46 46 20 45 78 70 6C 6F 72 65 72 53 75 69 74 65 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 43 6F 6D 62 6F 46 69 78 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 44 65 70 65 6E 64 65 6E 63 79 20 57 61 6C 6B 65 72 5F 32 32 5F 78 38 36 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 48 69 6A 61 63 6B 54 68 69 73 2E 6D 73 69 2E 74 78 74 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 4B 65 72 6E 65 6C 20 44 65 74 65 63 74 69 76 65 20 76 31 2E 34 2E 31 2E 72 61 72 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 34 37 63 65 38 64 33 31 5C 00 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 00 5C 3F 3F 5C 43 3A 5C 74 65 73 74 30 31 32 33 00 5C 3F 3F 5C 43 3A 5C 51 6F 6F 62 6F 78 5C 51 75 61 72 61 6E 74 69 6E 65 5C 43 5C 4D 6F 76 65 45 78 5F 74 65 73 74 30 31 32 33 2E 76 69 72 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 32 36 37 62 65 33 30 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 46 6C 61 6D 65 72 20 77 6F 72 6D 20 32 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 30 36 34 62 38 31 63 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 50 45 2E 45 78 70 6C 6F 72 65 72 5F 73 65 74 75 70 2E 65 78 65 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 35 38 36 65 61 30 39 65 5C 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 63 39 36 37 31 62 63 37 5C 52 61 6D 6E 69 74 20 52 6F 6F 74 6B 69 74 20 28 32 30 31 32 29 2E 7A 69 70 00 00 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 43 4F 4E 46 49 47 7E 31 5C 54 65 6D 70 5C 56 4D 77 61 72 65 44 6E 44 5C 63 39 36 37 31 62 63 37 5C 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 5D 7F 36 50 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5D 7F 36 50 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 5D 7F 36 50 05 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{592EF604-1449-41AA-9D00-3A1F262B0400}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 C0 A8 E0 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 B3 8A 36 50 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 B3 8A 36 50 C0 A8 E0 FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 B3 8A 36 50 05 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x00000034
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x00000038
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\NameServer: ""
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\NameServer: "192.168.224.129"
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x50367855
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseObtainedTime: 0x503683AB
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x50367BD9
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T1: 0x5036872F
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x50367E7C
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\T2: 0x503689D2
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x50367F5D
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592EF604-1449-41AA-9D00-3A1F262B0400}\LeaseTerminatesTime: 0x50368AB3
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x50367855
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseObtainedTime: 0x503683AB
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x50367BD9
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T1: 0x5036872F
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x50367E7C
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\T2: 0x503689D2
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x50367F5D
HKLM\SYSTEM\CurrentControlSet\Services\{592EF604-1449-41AA-9D00-3A1F262B0400}\Parameters\Tcpip\LeaseTerminatesTime: 0x50368AB3
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Customize\Customize: 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 00 80 61 93 31 01 00 00 00 92 57 98 31 09 00 00 00 00 FF 00 00 CD B7 B2 D9 FF 00 00 00 00 00 00 00 00 00 00 00 DF 81 B9 D9 09 00 00 00 00 FF FF 00 66 90 97 F7 FF 00 00 00 07 00 91 00 00 00 00 00 60 09 97 F6 08 00 00 00 08 00 00 80 BE BB 90 75 05 00 00 80 00 00 00 00 E5 32 D1 04 09 00 00 00 00 00 00 00 00 00 80 00 FF 00 00 00 00 80 00 00 FF FF FF 00 7E 96 84 BD 01 00 00 00 E8 03 00 00 01 00 00 00 09 00 00 00 00 FF FF 00 FF 00 00 00 07 00 91 00 00 00 00 00 00 00 00 00 FF 00 FF 00 F8 FF 6E 00 FF 00 00 00 00 FF 00 00 11 00 00 80 FF FF FF 00 00 FF 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Customize\Customize: 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 00 8E 84 D2 B4 01 00 00 00 9C B2 D9 B4 09 00 00 00 00 FF 00 00 03 47 4A 45 FF 00 00 00 00 00 00 00 00 00 00 00 11 71 41 45 09 00 00 00 00 FF FF 00 5C E4 24 30 FF 00 00 00 07 00 91 00 00 00 00 00 5A 7D 24 31 08 00 00 00 08 00 00 80 9C D7 70 F8 05 00 00 80 00 00 00 00 C7 5E 31 89 09 00 00 00 00 00 00 00 00 00 80 00 FF 00 00 00 00 80 00 00 FF FF FF 00 E8 F9 15 59 01 00 00 00 E8 03 00 00 01 00 00 00 09 00 00 00 00 FF FF 00 FF 00 00 00 07 00 91 00 00 00 00 00 00 00 00 00 FF 00 FF 00 F8 FF 6E 00 FF 00 00 00 00 FF 00 00 11 00 00 80 FF FF FF 00 00 FF 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\MainWindowParams: FF FF FF 7F FF FF FF 7F F2 02 00 00 67 51 AD 86 31 02 00 00 01 00 00 00 91 A1 87 74 65 51 AD 86 0B 01 00 00 08 37 9C CA FF FF FF FF FF FF FF FF 75 67 A6 86 FF FF FF FF FF FF FF FF 2D B7 B5 81 FF FF FF 7F FF FF FF 7F 1A 01 97 CA 44 02 00 00 AE 01 00 00 E6 4B 70 64 00 00 00 00 3C 00 00 00 2B 2E B5 80 58 02 00 00 0A 37 9C CA CD 00 00 00 86 33 F4 A0 95 01 00 00 83 97 8C 74 00 00 00 00 FF FF FF 7F FF FF FF 7F BD C2 31 15 44 02 00 00 94 05 FF A0 AE 01 00 00 00 00 00 00 EF 76 83 79 64 00 00 00 EB 00 00 00 E9 EF 83 78 FA 00 00 00 A5 00 00 00 64 00 00 00 EB 00 00 00 BD C2 31 15 01 00 00 00 01 00 00 00 00 00 00 00 FF FF FF 7F FF FF FF 7F E4 02 00 00 3A 02 00 00 00 00 00 00 D7 00 00 00 A0 00 00 00 4B 00 00 00 4B 00 00 00 78 00 00 00 41 00 00 00 4B 00 00 00 44 00 00 00 0A 00 00 00 02 00 00 00 FF FF FF FF FF FF FF FF 9B 00 00 00 4A 01 00 00 FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F D0 02 00 00 08 02 00 00 00 00 00 00 F2 00 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\MainWindowParams: FF FF FF 7F FF FF FF 7F F2 02 00 00 D9 A2 98 E1 31 02 00 00 01 00 00 00 C7 38 A6 F4 DA A2 98 E1 0B 01 00 00 42 96 C3 02 FF FF FF FF FF FF FF FF CB 94 93 E1 FF FF FF FF FF FF FF FF 4F 7B 64 B1 FF FF FF 7F FF FF FF 7F 50 A0 C8 02 44 02 00 00 AE 01 00 00 90 A8 0B A1 00 00 00 00 3C 00 00 00 49 E2 64 B0 58 02 00 00 41 96 C3 02 CD 00 00 00 3C 94 BC 29 95 01 00 00 D5 0E AD F4 00 00 00 00 FF FF FF 7F FF FF FF 7F CB 21 4A D0 44 02 00 00 2E A2 B7 29 AE 01 00 00 00 00 00 00 ED FF AE 08 64 00 00 00 EB 00 00 00 EB 66 AE 09 FA 00 00 00 A5 00 00 00 64 00 00 00 EB 00 00 00 CB 21 4A D0 01 00 00 00 01 00 00 00 00 00 00 00 FF FF FF 7F FF FF FF 7F E4 02 00 00 3A 02 00 00 00 00 00 00 D7 00 00 00 A0 00 00 00 4B 00 00 00 4B 00 00 00 78 00 00 00 41 00 00 00 4B 00 00 00 44 00 00 00 0A 00 00 00 02 00 00 00 FF FF FF FF FF FF FF FF 9B 00 00 00 4A 01 00 00 FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F FF FF FF 7F D0 02 00 00 08 02 00 00 00 00 00 00 F2 00 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\Last Root: "C:\DOCUMENTOS\SAMPLES\FLAMER WORM 2\"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\Last Root: "C:\DOCUMENTOS\SAMPLES\RAMNIT ROOTKIT (2012)\"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\FILE0: "C:\documentos\Samples\Flamer worm 2\f.exe"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\FILE0: "C:\documentos\Samples\Ramnit Rootkit (2012)\Ramnit.exe"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\FILE1: ""
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\FILE1: "C:\documentos\Samples\Flamer worm 2\f.exe"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\ExtParams: 96 00 00 00 50 00 00 00 78 00 00 00 96 00 00 00 50 00 00 00 78 00 00 00 C8 00 00 00 5A 00 00 00 5A 00 00 00 46 00 00 00 4B 00 00 00 55 00 00 00 64 00 00 00 73 00 00 00 55 00 00 00 B9 00 00 00 8C 00 00 00 64 00 00 00 73 00 00 00 46 00 00 00 46 00 00 00 3A 02 00 00 41 00 00 00 87 00 00 00 DF 00 00 00 41 00 00 00 41 00 00 00 63 01 00 00 41 00 00 00 87 00 00 00 DF 00 00 00 41 00 00 00 41 00 00 00 E1 00 00 00 41 00 00 00 41 00 00 00 50 00 00 00 50 00 00 00 96 00 00 00 5A 00 00 00 C8 00 00 00 C8 00 00 00 32 00 00 00 5A 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 26 02 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 32 00 00 00 32 00 00 00 50 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Heaventools\PE Explorer 1.0\Params\ExtParams: 96 00 00 00 50 00 00 00 78 00 00 00 96 00 00 00 50 00 00 00 78 00 00 00 C8 00 00 00 5A 00 00 00 5A 00 00 00 5A 00 00 00 4B 00 00 00 55 00 00 00 64 00 00 00 73 00 00 00 55 00 00 00 B9 00 00 00 8C 00 00 00 64 00 00 00 73 00 00 00 46 00 00 00 46 00 00 00 3A 02 00 00 41 00 00 00 87 00 00 00 DF 00 00 00 41 00 00 00 41 00 00 00 63 01 00 00 41 00 00 00 87 00 00 00 DF 00 00 00 41 00 00 00 41 00 00 00 E1 00 00 00 41 00 00 00 41 00 00 00 50 00 00 00 50 00 00 00 96 00 00 00 5A 00 00 00 C8 00 00 00 C8 00 00 00 32 00 00 00 5A 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 26 02 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 50 00 00 00 32 00 00 00 32 00 00 00 50 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "edcba"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "fedcba"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\e: 70 00 65 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 64 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 6F 00 73 00 5C 00 53 00 61 00 6D 00 70 00 6C 00 65 00 73 00 5C 00 46 00 6C 00 61 00 6D 00 65 00 72 00 20 00 77 00 6F 00 72 00 6D 00 20 00 32 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\e: 70 00 65 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 64 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 6F 00 73 00 5C 00 53 00 61 00 6D 00 70 00 6C 00 65 00 73 00 5C 00 52 00 61 00 6D 00 6E 00 69 00 74 00 20 00 52 00 6F 00 6F 00 74 00 6B 00 69 00 74 00 20 00 28 00 32 00 30 00 31 00 32 00 29 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "cfedba"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "gcfedba"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\MRUList: "cba"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\MRUList: "dcba"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Order: 08 00 00 00 02 00 00 00 18 0C 00 00 01 00 00 00 14 00 00 00 EE 00 00 00 00 00 00 00 E0 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 CE 00 32 00 47 06 00 00 E4 40 F3 8D 20 00 43 4F 4E 46 49 47 7E 31 2E 4C 4E 4B 00 00 A4 00 03 00 04 00 EF BE E4 40 F3 8D 15 41 02 37 14 00 78 00 43 00 6F 00 6E 00 66 00 69 00 67 00 75 00 72 00 61 00 72 00 20 00 61 00 63 00 63 00 65 00 73 00 6F 00 20 00 79 00 20 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 61 00 73 00 20 00 70 00 72 00 65 00 64 00 65 00 74 00 65 00 72 00 6D 00 69 00 6E 00 61 00 64 00 6F 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 78 70 73 70 31 72 65 73 2E 64 6C 6C 2C 2D 31 30 30 37 37 00 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 9C 00 00 00 01 00 00 00 8E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7C 00 32 00 A8 02 00 00 E4 40 F3 8D 20 00 57 49 4E 44 4F 57 7E 32 2E 4C 4E 4B 00 00 52 00 03 00 04 00 EF BE E4 40 F3 8D 15 41 02 37 14 00 3C 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 43 00 61 00 74 00 61 00 6C 00 6F 00 67 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 37 35 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 86 00 00 00 02 00 00 00 78 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 66 00 32 00 E3 05 00 00 E4 40 F3 8D 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 3C 00 03 00 04 00 EF BE E4 40 F3 8D 15 41 02 37 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 E8 00 00 00 03 00 00 00 DA 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 66 00 31 00 00 00 00 00 E4 40 FB 8E 11 00 41 43 43 45 53 4F 7E 31 00 00 40 00 03 00 04 00 EF BE E4 40 E0 8E 15 41 2D 34 14 00 2A 00 41 00 63 00 63 00 65 00 73 00 6F 00 72 00 69 00 6F 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 31 00 18 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 18 00 00 00 60 00 31 00 00 00 00 00 E4 40 82 8D 11 00 41 43 43 45 53 4F 7E 31 00 00 2C 00 03 00 04 00 EF BE E4 40 1D 8D 15 41 2D 34 14 00 00 00 41 00 63 00 63 00 65 00 73 00 6F 00 72 00 69 00 6F 00 73 00 00 00 18 00 0E 00 00 00 00 00 EF BE 03 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 74 00 00 00 04 00 00 00 66 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 54 00 31 00 00 00 00 00 E4 40 05 8F 10 00 41 43 43 45 53 53 7E 31 00 00 2E 00 03 00 04 00 EF BE E4 40 05 8F 15 41 2D 34 14 00 00 00 41 00 63 00 63 00 65 00 73 00 73 00 6F 00 72 00 69 00 6F 00 73 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 18 00 00 00 00 00 00 00 00 00 7A 00 00 00 12 00 00 00 6C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5A 00 31 00 00 00 00 00 15 41 AD 36 10 00 45 58 50 4C 4F 52 7E 31 00 00 34 00 03 00 04 00 EF BE 15 41 AC 36 15 41 AD 36 14 00 00 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 20 00 53 00 75 00 69 00 74 00 65 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 72 00 00 00 13 00 00 00 64 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 52 00 31 00 00 00 00 00 15 41 F8 36 10 00 48 49 4A 41 43 4B 7E 31 00 00 2C 00 03 00 04 00 EF BE 15 41 F8 36 15 41 F9 36 14 00 00 00 48 00 69 00 4A 00 61 00 63 00 6B 00 54 00 68 00 69 00 73 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 18 00 00 00 00 00 00 00 00 00 76 00 00 00 0F 00 00 00 68 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 56 00 31 00 00 00 00 00 E4 40 AA B4 10 00 49 44 41 50 52 4F 7E 31 00 00 30 00 03 00 04 00 EF BE E4 40 AA B4 15 41 2E 34 14 00 00 00 49 00 44 00 41 00 20 00 50 00 72 00 6F 00 20 00 46 00 72 00 65 00 65 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 E8 00 00 00 05 00 00 00 DA 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 5C 00 31 00 00 00 00 00 E4 40 A7 5C 11 00 49 6E 69 63 69 6F 00 00 38 00 03 00 04 00 EF BE E4 40 E0 8E 15 41 2D 34 14 00 22 00 49 00 6E 00 69 00 63 00 69 00 6F 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 37 00 16 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 16 00 00 00 6A 00 31 00 00 00 00 00 E4 40 A7 5C 11 00 49 6E 69 63 69 6F 00 00 38 00 03 00 04 00 EF BE E4 40 A7 5C 15 41 2D 34 14 00 22 00 49 00 6E 00 69 00 63 00 69 00 6F 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 37 00 16 00 0E 00 00 00 00 00 EF BE 03 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 7C 00 00 00 06 00 00 00 6E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5C 00 31 00 00 00 00 00 E4 40 74 8D 11 00 4A 75 65 67 6F 73 00 00 38 00 03 00 04 00 EF BE E4 40 74 8D 15 41 2E 34 14 00 22 00 4A 00 75 00 65 00 67 00 6F 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 37 33 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 7E 00 00 00 07 00 00 00 70 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5E 00 31 00 00 00 00 00 E4 40 F1 B3 10 00 50 52 4F 43 45 53 7E 31 00 00 38 00 03 00 04 00 EF BE E4 40 F0 B3 15 41 2E 34 14 00 00 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 20 00 48 00 61 00 63 00 6B 00 65 00 72 00 20 00 32 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 7C 00 00 00 10 00 00 00 6E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5C 00 31 00 00 00 00 00 0D 41 48 22 10 00 52 45 53 4F 55 52 7E 31 00 00 36 00 03 00 04 00 EF BE 0D 41 47 22 15 41 2E 34 14 00 00 00 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 20 00 48 00 61 00 63 00 6B 00 65 00 72 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 C0 00 00 00 11 00 00 00 B2 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 48 00 31 00 00 00 00 00 E4 40 71 B5 10 00 57 69 6E 52 41 52 00 00 24 00 03 00 04 00 EF BE E4 40 71 B5 15 41 2D 34 14 00 00 00 57 00 69 00 6E 00 52 00 41 00 52 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 16 00 00 00 56 00 31 00 00 00 00 00 E4 40 71 B5 10 00 57 69 6E 52 41 52 00 00 24 00 03 00 04 00 EF BE E4 40 71 B5 15 41 2D 34 14 00 00 00 57 00 69 00 6E 00 52 00 41 00 52 00 00 00 16 00 0E 00 00 00 00 00 EF BE 03 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 B4 00 00 00 08 00 00 00 A6 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 94 00 32 00 3F 06 00 00 E4 40 F3 8D 20 00 41 53 49 53 54 45 7E 31 2E 4C 4E 4B 00 00 6A 00 03 00 04 00 EF BE E4 40 E0 8E 15 41 02 37 14 00 40 00 41 00 73 00 69 00 73 00 74 00 65 00 6E 00 63 00 69 00 61 00 20 00 72 00 65 00 6D 00 6F 00 74 00 61 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 72 63 62 64 79 63 74 6C 2E 64 6C 6C 2C 2D 31 35 32 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 8C 00 00 00 09 00 00 00 7E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6C 00 32 00 46 03 00 00 E4 40 05 8F 20 00 49 4E 54 45 52 4E 7E 31 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE E4 40 05 8F 15 41 02 37 14 00 00 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 6A 00 00 00 0A 00 00 00 5C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 4A 00 32 00 13 08 00 00 E4 40 6F 8D 20 00 4D 53 4E 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE E4 40 6F 8D 15 41 02 37 14 00 00 00 4D 00 53 00 4E 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 9E 00 00 00 0B 00 00 00 90 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7E 00 32 00 05 03 00 00 E4 40 05 8F 20 00 4F 55 54 4C 4F 4F 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE E4 40 F7 8E 15 41 02 37 14 00 3C 00 4F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 20 00 45 00 78 00 70 00 72 00 65 00 73 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 40 78 70 73 70 31 72 65 73 2E 64 6C 6C 2C 2D 31 31 30 30 34 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 92 00 00 00 0C 00 00 00 84 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 72 00 32 00 37 03 00 00 E4 40 FA 8E 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 48 00 03 00 04 00 EF BE E4 40 E0 8E 15 41 02 37 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 65 00 64 00 69 00 61 00 20 00 50 00 6C 00 61 00 79 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 8C 00 00 00 0D 00 00 00 7E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6C 00 32 00 8F 02 00 00 E4 40 74 8D 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE E4 40 74 8D 15 41 02 37 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 65 00 73 00 73 00 65 00 6E 00 67 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 1C 00 00 00 00 00 00 00 00 00 BA 00 00 00 0E 00 00 00 AC 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 9A 00 32 00 43 03 00 00 E4 40 B7 8D 20 00 57 49 4E 44 4F 57 7E 32 2E 4C 4E 4B 00 00 70 00 03 00 04 00 EF BE E4 40 B7 8D 15 41 02 37 14 00 44 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 6F 00 76 00 69 00 65 00 20 00 4D 00 61 00 6B 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 41 52 43 48 49 56 7E 31 5C 4D 4F 56 49 45 4D 7E 31 5C 77 6D 6D 32 72 65 73 2E 64 6C 6C 2C 2D 36 31 34 34 36 00 00 1C 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 1C 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Order: 08 00 00 00 02 00 00 00 72 0D 00 00 01 00 00 00 17 00 00 00 EE 00 00 00 00 00 00 00 E0 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 CE 00 32 00 47 06 00 00 E4 40 F3 8D 20 00 43 4F 4E 46 49 47 7E 31 2E 4C 4E 4B 00 00 A4 00 03 00 04 00 EF BE E4 40 F3 8D 15 41 02 37 14 00 78 00 43 00 6F 00 6E 00 66 00 69 00 67 00 75 00 72 00 61 00 72 00 20 00 61 00 63 00 63 00 65 00 73 00 6F 00 20 00 79 00 20 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 61 00 73 00 20 00 70 00 72 00 65 00 64 00 65 00 74 00 65 00 72 00 6D 00 69 00 6E 00 61 00 64 00 6F 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 78 70 73 70 31 72 65 73 2E 64 6C 6C 2C 2D 31 30 30 37 37 00 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 9C 00 00 00 01 00 00 00 8E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7C 00 32 00 A8 02 00 00 E4 40 F3 8D 20 00 57 49 4E 44 4F 57 7E 32 2E 4C 4E 4B 00 00 52 00 03 00 04 00 EF BE E4 40 F3 8D 15 41 02 37 14 00 3C 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 43 00 61 00 74 00 61 00 6C 00 6F 00 67 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 37 35 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 86 00 00 00 02 00 00 00 78 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 66 00 32 00 E3 05 00 00 E4 40 F3 8D 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 3C 00 03 00 04 00 EF BE E4 40 F3 8D 15 41 02 37 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 E8 00 00 00 03 00 00 00 DA 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 66 00 31 00 00 00 00 00 E4 40 FB 8E 11 00 41 43 43 45 53 4F 7E 31 00 00 40 00 03 00 04 00 EF BE E4 40 E0 8E 17 41 7B 8D 14 00 2A 00 41 00 63 00 63 00 65 00 73 00 6F 00 72 00 69 00 6F 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 31 00 18 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 18 00 00 00 60 00 31 00 00 00 00 00 E4 40 82 8D 11 00 41 43 43 45 53 4F 7E 31 00 00 2C 00 03 00 04 00 EF BE E4 40 1D 8D 17 41 7B 8D 14 00 00 00 41 00 63 00 63 00 65 00 73 00 6F 00 72 00 69 00 6F 00 73 00 00 00 18 00 0E 00 00 00 00 00 EF BE 03 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 74 00 00 00 04 00 00 00 66 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 54 00 31 00 00 00 00 00 E4 40 05 8F 10 00 41 43 43 45 53 53 7E 31 00 00 2E 00 03 00 04 00 EF BE E4 40 05 8F 17 41 7B 8D 14 00 00 00 41 00 63 00 63 00 65 00 73 00 73 00 6F 00 72 00 69 00 6F 00 73 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 18 00 00 00 00 00 00 00 00 00 7A 00 00 00 12 00 00 00 6C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5A 00 31 00 00 00 00 00 15 41 AD 36 10 00 45 58 50 4C 4F 52 7E 31 00 00 34 00 03 00 04 00 EF BE 15 41 AC 36 17 41 7B 8D 14 00 00 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 20 00 53 00 75 00 69 00 74 00 65 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 72 00 00 00 13 00 00 00 64 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 52 00 31 00 00 00 00 00 15 41 F8 36 10 00 48 49 4A 41 43 4B 7E 31 00 00 2C 00 03 00 04 00 EF BE 15 41 F8 36 17 41 7B 8D 14 00 00 00 48 00 69 00 4A 00 61 00 63 00 6B 00 54 00 68 00 69 00 73 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 18 00 00 00 00 00 00 00 00 00 76 00 00 00 0F 00 00 00 68 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 56 00 31 00 00 00 00 00 E4 40 AA B4 10 00 49 44 41 50 52 4F 7E 31 00 00 30 00 03 00 04 00 EF BE E4 40 AA B4 17 41 7B 8D 14 00 00 00 49 00 44 00 41 00 20 00 50 00 72 00 6F 00 20 00 46 00 72 00 65 00 65 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 E8 00 00 00 05 00 00 00 DA 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 5C 00 31 00 00 00 00 00 E4 40 A7 5C 11 00 49 6E 69 63 69 6F 00 00 38 00 03 00 04 00 EF BE E4 40 E0 8E 17 41 7B 8D 14 00 22 00 49 00 6E 00 69 00 63 00 69 00 6F 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 37 00 16 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 16 00 00 00 6A 00 31 00 00 00 00 00 E4 40 A7 5C 11 00 49 6E 69 63 69 6F 00 00 38 00 03 00 04 00 EF BE E4 40 A7 5C 17 41 7B 8D 14 00 22 00 49 00 6E 00 69 00 63 00 69 00 6F 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 37 00 16 00 0E 00 00 00 00 00 EF BE 03 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 7C 00 00 00 06 00 00 00 6E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5C 00 31 00 00 00 00 00 E4 40 74 8D 11 00 4A 75 65 67 6F 73 00 00 38 00 03 00 04 00 EF BE E4 40 74 8D 17 41 7B 8D 14 00 22 00 4A 00 75 00 65 00 67 00 6F 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 37 33 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 74 00 00 00 14 00 00 00 66 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 54 00 31 00 00 00 00 00 17 41 36 93 10 00 50 45 45 58 50 4C 7E 31 00 00 2E 00 03 00 04 00 EF BE 17 41 35 93 17 41 36 93 14 00 00 00 50 00 45 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 7E 00 00 00 07 00 00 00 70 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5E 00 31 00 00 00 00 00 E4 40 F1 B3 10 00 50 52 4F 43 45 53 7E 31 00 00 38 00 03 00 04 00 EF BE E4 40 F0 B3 17 41 7B 8D 14 00 00 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 20 00 48 00 61 00 63 00 6B 00 65 00 72 00 20 00 32 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 7C 00 00 00 10 00 00 00 6E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5C 00 31 00 00 00 00 00 0D 41 48 22 10 00 52 45 53 4F 55 52 7E 31 00 00 36 00 03 00 04 00 EF BE 0D 41 47 22 17 41 7B 8D 14 00 00 00 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 20 00 48 00 61 00 63 00 6B 00 65 00 72 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 18 00 00 00 00 00 00 00 00 00 6A 00 00 00 15 00 00 00 5C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 4A 00 31 00 00 00 00 00 15 41 D8 A8 10 00 57 69 6E 50 63 61 70 00 26 00 03 00 04 00 EF BE 15 41 D8 A8 17 41 7B 8D 14 00 00 00 57 00 69 00 6E 00 50 00 63 00 61 00 70 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 C0 00 00 00 11 00 00 00 B2 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 48 00 31 00 00 00 00 00 E4 40 71 B5 10 00 57 69 6E 52 41 52 00 00 24 00 03 00 04 00 EF BE E4 40 71 B5 17 41 7B 8D 14 00 00 00 57 00 69 00 6E 00 52 00 41 00 52 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 16 00 00 00 56 00 31 00 00 00 00 00 E4 40 71 B5 10 00 57 69 6E 52 41 52 00 00 24 00 03 00 04 00 EF BE E4 40 71 B5 17 41 7B 8D 14 00 00 00 57 00 69 00 6E 00 52 00 41 00 52 00 00 00 16 00 0E 00 00 00 00 00 EF BE 03 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 B4 00 00 00 08 00 00 00 A6 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 94 00 32 00 3F 06 00 00 E4 40 F3 8D 20 00 41 53 49 53 54 45 7E 31 2E 4C 4E 4B 00 00 6A 00 03 00 04 00 EF BE E4 40 E0 8E 15 41 02 37 14 00 40 00 41 00 73 00 69 00 73 00 74 00 65 00 6E 00 63 00 69 00 61 00 20 00 72 00 65 00 6D 00 6F 00 74 00 61 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 72 63 62 64 79 63 74 6C 2E 64 6C 6C 2C 2D 31 35 32 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 8C 00 00 00 09 00 00 00 7E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6C 00 32 00 46 03 00 00 E4 40 05 8F 20 00 49 4E 54 45 52 4E 7E 31 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE E4 40 05 8F 15 41 02 37 14 00 00 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 6A 00 00 00 0A 00 00 00 5C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 4A 00 32 00 13 08 00 00 E4 40 6F 8D 20 00 4D 53 4E 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE E4 40 6F 8D 15 41 02 37 14 00 00 00 4D 00 53 00 4E 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 16 00 00 00 00 00 00 00 00 00 9E 00 00 00 0B 00 00 00 90 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7E 00 32 00 05 03 00 00 E4 40 05 8F 20 00 4F 55 54 4C 4F 4F 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE E4 40 F7 8E 15 41 02 37 14 00 3C 00 4F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 20 00 45 00 78 00 70 00 72 00 65 00 73 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 40 78 70 73 70 31 72 65 73 2E 64 6C 6C 2C 2D 31 31 30 30 34 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 92 00 00 00 0C 00 00 00 84 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 72 00 32 00 37 03 00 00 E4 40 FA 8E 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 48 00 03 00 04 00 EF BE E4 40 E0 8E 15 41 02 37 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 65 00 64 00 69 00 61 00 20 00 50 00 6C 00 61 00 79 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 02 00 00 00 1C 00 00 00 00 00 00 00 00 00 8C 00 00 00 0D 00 00 00 7E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6C 00 32 00 8F 02 00 00 E4 40 74 8D 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE E4 40 74 8D 15 41 02 37 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 65 00 73 00 73 00 65 00 6E 00 67 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 1C 00 00 00 00 00 00 00 00 00 BA 00 00 00 0E 00 00 00 AC 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 9A 00 32 00 43 03 00 00 E4 40 B7 8D 20 00 57 49 4E 44 4F 57 7E 32 2E 4C 4E 4B 00 00 70 00 03 00 04 00 EF BE E4 40 B7 8D 15 41 02 37 14 00 44 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 6F 00 76 00 69 00 65 00 20 00 4D 00 61 00 6B 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 41 52 43 48 49 56 7E 31 5C 4D 4F 56 49 45 4D 7E 31 5C 77 6D 6D 32 72 65 73 2E 64 6C 6C 2C 2D 36 31 34 34 36 00 00 1C 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 1C 00 00 00 00 00 00 00 00 00 7C 00 00 00 16 00 00 00 6E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 5C 00 32 00 0B 06 00 00 15 41 C5 A8 20 00 57 49 52 45 53 48 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 15 41 C5 A8 15 41 C5 A8 14 00 00 00 57 00 69 00 72 00 65 00 73 00 68 00 61 00 72 00 6B 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 03 00 00 00 1C 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList: "a"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList: "cba"
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time: F0 FB 8F 07 6A 7F CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time: 96 8D 2C D3 5E 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE: 04 00 00 00 3A 00 00 00 10 F3 35 8B 5E 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE: 04 00 00 00 3B 00 00 00 90 1C 3A 3C 5F 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE:0k1,120: 04 00 00 00 35 00 00 00 10 F3 35 8B 5E 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE:0k1,120: 04 00 00 00 36 00 00 00 90 1C 3A 3C 5F 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 51 00 00 00 40 AB D0 F5 5C 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 5E 00 00 00 20 27 2D AC 66 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\qbphzragbf\Gbbyf\Orunivbeny nanylfvf gbbyf\CebprffRkcybere\cebprkc.rkr: 01 00 00 00 07 00 00 00 50 07 87 39 5B 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\qbphzragbf\Gbbyf\Orunivbeny nanylfvf gbbyf\CebprffRkcybere\cebprkc.rkr: 01 00 00 00 08 00 00 00 E0 C8 DD 71 66 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY: 01 00 00 00 07 00 00 00 20 68 CB 06 36 5A CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY: 01 00 00 00 09 00 00 00 20 77 F5 61 61 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 01 00 00 00 16 00 00 00 A0 85 AA F5 5C 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 01 00 00 00 18 00 00 00 D0 38 A6 67 61 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pzq.rkr: 01 00 00 00 06 00 00 00 40 78 6B 24 06 79 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pzq.rkr: 01 00 00 00 07 00 00 00 20 27 2D AC 66 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Erfbhepr Unpxre.yax: 01 00 00 00 06 00 00 00 F0 B8 9D B1 0A 79 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Erfbhepr Unpxre.yax: 01 00 00 00 07 00 00 00 D0 38 A6 67 61 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Nepuvibf qr cebtenzn\Erfbhepr Unpxre\ErfUnpxre.rkr: 01 00 00 00 09 00 00 00 A0 D0 AA B6 5A 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Nepuvibf qr cebtenzn\Erfbhepr Unpxre\ErfUnpxre.rkr: 01 00 00 00 0A 00 00 00 90 95 BB 67 61 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\ehaqyy32.rkr: 01 00 00 00 06 00 00 00 30 0A 87 E5 58 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\ehaqyy32.rkr: 01 00 00 00 0A 00 00 00 80 B6 59 2E 5F 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:CR Rkcybere.yax: 01 00 00 00 06 00 00 00 A0 85 AA F5 5C 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:CR Rkcybere.yax: 01 00 00 00 07 00 00 00 50 0C 5D 55 5F 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Nepuvibf qr cebtenzn\CR Rkcybere\crkcybere.rkr: 01 00 00 00 06 00 00 00 40 AB D0 F5 5C 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Nepuvibf qr cebtenzn\CR Rkcybere\crkcybere.rkr: 01 00 00 00 07 00 00 00 F0 C0 80 55 5F 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {0000013A-0000-0000-C000-000000000046} 0x401: 00 00 00 00 37 00 33 00 32 D4 8A A3 5C 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {0000013A-0000-0000-C000-000000000046} 0x401: 00 00 00 00 37 00 33 00 16 31 75 6E 66 81 CD 01
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\MRUListEx: 01 00 00 00 00 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\MRUListEx: 00 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\MRUListEx: 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\MRUListEx: 00 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0\0\MRUListEx: 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ScrollPos800x600(1).y: 0x00000045
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ScrollPos800x600(1).y: 0x00000081
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ItemPos800x600(1): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C2 01 00 00 46 00 31 00 00 00 00 00 17 41 52 90 10 00 46 4C 41 4D 45 52 7E 31 00 00 2E 00 03 00 04 00 EF BE 17 41 F3 8D 17 41 52 90 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 20 00 77 00 6F 00 72 00 6D 00 00 00 18 00 DC 00 00 00 C2 01 00 00 3A 00 31 00 00 00 00 00 17 41 11 91 10 00 46 6C 61 6D 65 72 00 00 24 00 03 00 04 00 EF BE 17 41 5B 8E 17 41 D8 94 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 00 00 16 00 02 00 00 00 02 00 00 00 52 00 32 00 AC FD 22 00 CD 40 1A 79 20 00 32 58 47 57 49 4E 7E 31 2E 52 41 52 00 00 36 00 03 00 04 00 EF BE E4 40 F1 B1 E4 40 91 B5 14 00 00 00 32 00 78 00 67 00 77 00 69 00 6E 00 64 00 6F 00 77 00 33 00 78 00 2E 00 72 00 61 00 72 00 00 00 1C 00 DC 00 00 00 02 00 00 00 94 00 32 00 EF A3 02 00 0A 41 42 BB 20 00 42 55 4E 44 45 53 7E 31 2E 5A 49 50 00 00 78 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 42 00 75 00 6E 00 64 00 65 00 73 00 74 00 72 00 6F 00 6A 00 61 00 6E 00 65 00 72 00 20 00 2D 00 20 00 54 00 72 00 6F 00 6A 00 61 00 6E 00 2E 00 41 00 67 00 65 00 6E 00 74 00 42 00 79 00 70 00 61 00 73 00 73 00 2D 00 31 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 3A 00 00 00 7E 00 32 00 FD 0B 00 00 0A 41 66 BB 20 00 42 55 4E 44 45 53 7E 32 2E 5A 49 50 00 00 62 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 42 00 75 00 6E 00 64 00 65 00 73 00 74 00 72 00 6F 00 6A 00 61 00 6E 00 65 00 72 00 20 00 28 00 6E 00 6F 00 20 00 70 00 61 00 63 00 6B 00 65 00 74 00 29 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 3A 00 00 00 78 00 32 00 1A D2 02 00 0A 41 86 BB 20 00 42 55 4E 44 45 53 7E 33 2E 5A 49 50 00 00 5C 00 03 00 04 00 EF BE 0D 41 24 1E 17 41 F2 8D 14 00 00 00 42 00 75 00 6E 00 64 00 65 00 73 00 74 00 72 00 6F 00 6A 00 61 00 6E 00 65 00 72 00 20 00 28 00 70 00 61 00 63 00 6B 00 65 00 74 00 29 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 72 00 00 00 5A 00 32 00 15 A1 02 00 7E 3E 6B 81 20 00 43 59 43 42 4F 54 7E 31 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 43 00 79 00 63 00 62 00 6F 00 74 00 2D 00 32 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 72 00 00 00 5A 00 32 00 02 9D 02 00 7E 3E 5C 81 20 00 43 59 43 42 4F 54 7E 32 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 43 00 79 00 63 00 62 00 6F 00 74 00 2D 00 33 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 AA 00 00 00 5A 00 32 00 83 79 02 00 7E 3E 93 81 20 00 43 59 43 42 4F 54 7E 33 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 43 00 79 00 63 00 62 00 6F 00 74 00 2D 00 39 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 8A 01 00 00 56 00 32 00 3B 9D 08 00 17 41 A7 8A 20 00 46 4C 41 4D 45 52 7E 32 2E 5A 49 50 00 00 3A 00 03 00 04 00 EF BE 17 41 59 8E 17 41 59 8E 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 20 00 77 00 6F 00 72 00 6D 00 20 00 32 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 E2 00 00 00 52 00 32 00 3D DE 32 00 17 41 74 8A 20 00 46 4C 41 4D 45 52 7E 31 2E 5A 49 50 00 00 36 00 03 00 04 00 EF BE 17 41 F0 8D 17 41 F0 8D 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 20 00 77 00 6F 00 72 00 6D 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 AA 00 00 00 76 00 32 00 37 29 0E 00 5C 40 0A 81 20 00 50 52 41 43 54 49 7E 31 2E 52 41 52 00 00 5A 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 25 1E 14 00 00 00 50 00 72 00 61 00 63 00 74 00 69 00 63 00 61 00 6C 00 4D 00 61 00 6C 00 77 00 61 00 72 00 65 00 41 00 6E 00 61 00 6C 00 79 00 73 00 69 00 73 00 2D 00 4C 00 61 00 62 00 73 00 2E 00 72 00 61 00 72 00 00 00 1C 00 DC 00 00 00 E2 00 00 00 82 00 32 00 BE 28 01 00 08 41 FB 96 20 00 52 49 4D 45 43 55 7E 31 2E 5A 49 50 00 00 66 00 03 00 04 00 EF BE 0D 41 25 1E 17 41 59 8E 14 00 00 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 20 00 2D 00 20 00 54 00 72 00 6F 00 6A 00 61 00 6E 00 2E 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 2D 00 32 00 36 00 34 00 20 00 2D 00 20 00 32 00 30 00 31 00 32 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 1A 01 00 00 90 00 32 00 22 E7 00 00 08 41 B7 96 20 00 52 49 4D 45 43 55 7E 32 2E 5A 49 50 00 00 74 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 20 00 2D 00 20 00 57 00 33 00 32 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 2E 00 42 00 2E 00 67 00 65 00 6E 00 21 00 45 00 6C 00 64 00 6F 00 72 00 61 00 64 00 6F 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 1A 01 00 00 90 00 32 00 1C E7 00 00 08 41 D5 96 20 00 52 49 4D 45 43 55 7E 33 2E 5A 49 50 00 00 74 00 03 00 04 00 EF BE 0D 41 25 1E 17 41 F1 8D 14 00 00 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 20 00 2D 00 20 00 57 00 33 00 32 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 2E 00 42 00 2E 00 67 00 65 00 6E 00 21 00 45 00 6C 00 64 00 6F 00 72 00 61 00 64 00 6F 00 20 00 2D 00 20 00 32 00 30 00 31 00 32 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 52 01 00 00 5C 00 32 00 7F B6 00 00 7E 3E 32 84 20 00 53 41 4C 49 54 59 7E 31 2E 5A 49 50 00 00 40 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 53 00 61 00 6C 00 69 00 74 00 79 00 2E 00 41 00 44 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 52 01 00 00 5C 00 32 00 B6 9D 01 00 7E 3E 4A 84 20 00 53 41 4C 49 54 59 7E 32 2E 5A 49 50 00 00 40 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 53 00 61 00 6C 00 69 00 74 00 79 00 2E 00 41 00 4B 00 20 00 2D 00 20 00 32 00 30 00 31 00 30 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 8A 01 00 00 5C 00 32 00 AB F5 01 00 7E 3E 20 84 20 00 53 41 4C 49 54 59 7E 33 2E 5A 49 50 00 00 40 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 53 00 61 00 6C 00 69 00 74 00 79 00 2E 00 4F 00 47 00 20 00 2D 00 20 00 32 00 30 00 31 00 30 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 8A 01 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ItemPos800x600(1): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 FA 01 00 00 3A 00 31 00 00 00 00 00 17 41 11 91 10 00 46 6C 61 6D 65 72 00 00 24 00 03 00 04 00 EF BE 17 41 5B 8E 17 41 D8 94 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 00 00 16 00 DC 00 00 00 C2 01 00 00 46 00 31 00 00 00 00 00 17 41 52 90 10 00 46 4C 41 4D 45 52 7E 31 00 00 2E 00 03 00 04 00 EF BE 17 41 F3 8D 17 41 52 90 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 20 00 77 00 6F 00 72 00 6D 00 00 00 18 00 02 00 00 00 02 00 00 00 52 00 32 00 AC FD 22 00 CD 40 1A 79 20 00 32 58 47 57 49 4E 7E 31 2E 52 41 52 00 00 36 00 03 00 04 00 EF BE E4 40 F1 B1 E4 40 91 B5 14 00 00 00 32 00 78 00 67 00 77 00 69 00 6E 00 64 00 6F 00 77 00 33 00 78 00 2E 00 72 00 61 00 72 00 00 00 1C 00 DC 00 00 00 02 00 00 00 94 00 32 00 EF A3 02 00 0A 41 42 BB 20 00 42 55 4E 44 45 53 7E 31 2E 5A 49 50 00 00 78 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 42 00 75 00 6E 00 64 00 65 00 73 00 74 00 72 00 6F 00 6A 00 61 00 6E 00 65 00 72 00 20 00 2D 00 20 00 54 00 72 00 6F 00 6A 00 61 00 6E 00 2E 00 41 00 67 00 65 00 6E 00 74 00 42 00 79 00 70 00 61 00 73 00 73 00 2D 00 31 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 3A 00 00 00 7E 00 32 00 FD 0B 00 00 0A 41 66 BB 20 00 42 55 4E 44 45 53 7E 32 2E 5A 49 50 00 00 62 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 42 00 75 00 6E 00 64 00 65 00 73 00 74 00 72 00 6F 00 6A 00 61 00 6E 00 65 00 72 00 20 00 28 00 6E 00 6F 00 20 00 70 00 61 00 63 00 6B 00 65 00 74 00 29 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 3A 00 00 00 78 00 32 00 1A D2 02 00 0A 41 86 BB 20 00 42 55 4E 44 45 53 7E 33 2E 5A 49 50 00 00 5C 00 03 00 04 00 EF BE 0D 41 24 1E 17 41 F2 8D 14 00 00 00 42 00 75 00 6E 00 64 00 65 00 73 00 74 00 72 00 6F 00 6A 00 61 00 6E 00 65 00 72 00 20 00 28 00 70 00 61 00 63 00 6B 00 65 00 74 00 29 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 72 00 00 00 5A 00 32 00 15 A1 02 00 7E 3E 6B 81 20 00 43 59 43 42 4F 54 7E 31 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 43 00 79 00 63 00 62 00 6F 00 74 00 2D 00 32 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 72 00 00 00 5A 00 32 00 02 9D 02 00 7E 3E 5C 81 20 00 43 59 43 42 4F 54 7E 32 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 43 00 79 00 63 00 62 00 6F 00 74 00 2D 00 33 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 AA 00 00 00 5A 00 32 00 83 79 02 00 7E 3E 93 81 20 00 43 59 43 42 4F 54 7E 33 2E 5A 49 50 00 00 3E 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 24 1E 14 00 00 00 43 00 79 00 63 00 62 00 6F 00 74 00 2D 00 39 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 8A 01 00 00 56 00 32 00 3B 9D 08 00 17 41 A7 8A 20 00 46 4C 41 4D 45 52 7E 32 2E 5A 49 50 00 00 3A 00 03 00 04 00 EF BE 17 41 59 8E 17 41 59 8E 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 20 00 77 00 6F 00 72 00 6D 00 20 00 32 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 E2 00 00 00 52 00 32 00 3D DE 32 00 17 41 74 8A 20 00 46 4C 41 4D 45 52 7E 31 2E 5A 49 50 00 00 36 00 03 00 04 00 EF BE 17 41 F0 8D 17 41 F0 8D 14 00 00 00 46 00 6C 00 61 00 6D 00 65 00 72 00 20 00 77 00 6F 00 72 00 6D 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 AA 00 00 00 76 00 32 00 37 29 0E 00 5C 40 0A 81 20 00 50 52 41 43 54 49 7E 31 2E 52 41 52 00 00 5A 00 03 00 04 00 EF BE 0D 41 24 1E 0D 41 25 1E 14 00 00 00 50 00 72 00 61 00 63 00 74 00 69 00 63 00 61 00 6C 00 4D 00 61 00 6C 00 77 00 61 00 72 00 65 00 41 00 6E 00 61 00 6C 00 79 00 73 00 69 00 73 00 2D 00 4C 00 61 00 62 00 73 00 2E 00 72 00 61 00 72 00 00 00 1C 00 DC 00 00 00 E2 00 00 00 82 00 32 00 BE 28 01 00 08 41 FB 96 20 00 52 49 4D 45 43 55 7E 31 2E 5A 49 50 00 00 66 00 03 00 04 00 EF BE 0D 41 25 1E 17 41 59 8E 14 00 00 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 20 00 2D 00 20 00 54 00 72 00 6F 00 6A 00 61 00 6E 00 2E 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 2D 00 32 00 36 00 34 00 20 00 2D 00 20 00 32 00 30 00 31 00 32 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 1A 01 00 00 90 00 32 00 22 E7 00 00 08 41 B7 96 20 00 52 49 4D 45 43 55 7E 32 2E 5A 49 50 00 00 74 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 20 00 2D 00 20 00 57 00 33 00 32 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 2E 00 42 00 2E 00 67 00 65 00 6E 00 21 00 45 00 6C 00 64 00 6F 00 72 00 61 00 64 00 6F 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 1A 01 00 00 90 00 32 00 1C E7 00 00 08 41 D5 96 20 00 52 49 4D 45 43 55 7E 33 2E 5A 49 50 00 00 74 00 03 00 04 00 EF BE 0D 41 25 1E 17 41 F1 8D 14 00 00 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 20 00 2D 00 20 00 57 00 33 00 32 00 52 00 69 00 6D 00 65 00 63 00 75 00 64 00 2E 00 42 00 2E 00 67 00 65 00 6E 00 21 00 45 00 6C 00 64 00 6F 00 72 00 61 00 64 00 6F 00 20 00 2D 00 20 00 32 00 30 00 31 00 32 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 52 01 00 00 5C 00 32 00 7F B6 00 00 7E 3E 32 84 20 00 53 41 4C 49 54 59 7E 31 2E 5A 49 50 00 00 40 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 53 00 61 00 6C 00 69 00 74 00 79 00 2E 00 41 00 44 00 20 00 2D 00 20 00 32 00 30 00 31 00 31 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 8A 01 00 00 5C 00 32 00 B6 9D 01 00 7E 3E 4A 84 20 00 53 41 4C 49 54 59 7E 32 2E 5A 49 50 00 00 40 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 53 00 61 00 6C 00 69 00 74 00 79 00 2E 00 41 00 4B 00 20 00 2D 00 20 00 32 00 30 00 31 00 30 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 C2 01 00 00 5C 00 32 00 AB F5 01 00 7E 3E 20 84 20 00 53 41 4C 49 54 59 7E 33 2E 5A 49 50 00 00 40 00 03 00 04 00 EF BE 0D 41 25 1E 0D 41 25 1E 14 00 00 00 53 00 61 00 6C 00 69 00 74 00 79 00 2E 00 4F 00 47 00 20 00 2D 00 20 00 32 00 30 00 31 00 30 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 02 00 00 00 52 01 00 00 66 00 32 00 29 05 02 00 17 41 3D 87 20 00 52 41 4D 4E 49 54 7E 31 2E 5A 49 50 00 00 4A 00 03 00 04 00 EF BE 17 41 7B 95 17 41 7B 95 14 00 00 00 52 00 61 00 6D 00 6E 00 69 00 74 00 20 00 52 00 6F 00 6F 00 74 00 6B 00 69 00 74 00 20 00 28 00 32 00 30 00 31 00 32 00 29 00 2E 00 7A 00 69 00 70 00 00 00 1C 00 DC 00 00 00 FA 01 00 00 5A 00 31 00 00 00 00 00 17 41 80 95 10 00 52 41 4D 4E 49 54 7E 31 00 00 42 00 03 00 04 00 EF BE 17 41 7D 95 17 41 80 95 14 00 00 00 52 00 61 00 6D 00 6E 00 69 00 74 00 20 00 52 00 6F 00 6F 00 74 00 6B 00 69 00 74 00 20 00 28 00 32 00 30 00 31 00 32 00 29 00 00 00 18 00 DC 00 00 00 FA 01 00 00 00 00 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\WFlags: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\WFlags: 0x00000002
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\17\Shell\ShowCmd: 0x00000003
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\ScrollPos800x600(1).y: 0x00000081
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Microsoft\Windows\ShellNoRoam\Bags\5\Shell\ScrollPos800x600(1).y: 0x00000000
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\Windowplacement: 2C 00 00 00 02 00 00 00 02 00 00 00 00 83 FF FF 00 83 FF FF FF FF FF FF FF FF FF FF 64 00 00 00 32 00 00 00 20 03 00 00 8A 02 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\Windowplacement: 2C 00 00 00 02 00 00 00 03 00 00 00 00 83 FF FF 00 83 FF FF FF FF FF FF FF FF FF FF 64 00 00 00 32 00 00 00 20 03 00 00 8A 02 00 00
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\Divider: 00 00 00 00 00 00 E0 3F
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\Divider: D3 DC 05 7F 15 27 E4 3F
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\SavedDivider: 00 00 00 00 00 00 E0 3F
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\SavedDivider: D3 DC 05 7F 15 27 E4 3F
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\ProcessColumns\5: 0x00000096
HKU\S-1-5-21-73586283-616249376-1177238915-500\Software\Sysinternals\Process Explorer\ProcessColumns\5: 0x000000DB
HKU\S-1-5-21-73586283-616249376-1177238915-500\SessionInformation\ProgramCount: 0x00000002
HKU\S-1-5-21-73586283-616249376-1177238915-500\SessionInformation\ProgramCount: 0x00000003

----------------------------------
Total changes:724
----------------------------------