Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unable to run antivirus and malware [Solved]

Started by papa_A_D , Nov 23 2011 05:51 PM

  • This topic is locked This topic is locked

#31
maliprog
Posted 16 December 2011 - 07:22 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Post TDSSKiller log when you finish the scan.
  • 0

Advertisements

#32
papa_A_D
Posted 16 December 2011 - 06:15 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Here is the scan..do all the scans look ok? It all seems to be working great now (other that the ie history logs).

papa_A_D

16:05:54.0716 1100 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

16:05:55.0232 1100 ============================================================

16:05:55.0232 1100 Current date / time: 2011/12/16 16:05:55.0232

16:05:55.0232 1100 SystemInfo:

16:05:55.0232 1100

16:05:55.0232 1100 OS Version: 5.1.2600 ServicePack: 3.0

16:05:55.0232 1100 Product type: Workstation

16:05:55.0232 1100 ComputerName: WALLSTREAT

16:05:55.0232 1100 UserName: Hemphill

16:05:55.0232 1100 Windows directory: C:\WINDOWS

16:05:55.0232 1100 System windows directory: C:\WINDOWS

16:05:55.0232 1100 Processor architecture: Intel x86

16:05:55.0232 1100 Number of processors: 2

16:05:55.0232 1100 Page size: 0x1000

16:05:55.0232 1100 Boot type: Normal boot

16:05:55.0232 1100 ============================================================

16:05:58.0419 1100 Initialize success

16:06:05.0498 2348 ============================================================

16:06:05.0498 2348 Scan started

16:06:05.0498 2348 Mode: Manual;

16:06:05.0498 2348 ============================================================

16:06:06.0544 2348 Abiosdsk - ok

16:06:06.0576 2348 abp480n5 - ok

16:06:06.0654 2348 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:06:06.0669 2348 ACPI - ok

16:06:06.0685 2348 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:06:06.0685 2348 ACPIEC - ok

16:06:06.0716 2348 adpu160m - ok

16:06:06.0748 2348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:06:06.0763 2348 aec - ok

16:06:06.0826 2348 AegisP (accd563bf09c4659b54143fde633b57d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

16:06:06.0857 2348 AegisP - ok

16:06:06.0919 2348 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:06:06.0935 2348 AFD - ok

16:06:07.0029 2348 AgereSoftModem (4458fcb8a00da31fdcc086449274c40d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

16:06:07.0076 2348 AgereSoftModem - ok

16:06:07.0326 2348 Aha154x - ok

16:06:07.0341 2348 aic78u2 - ok

16:06:07.0357 2348 aic78xx - ok

16:06:07.0419 2348 AliIde - ok

16:06:07.0435 2348 amsint - ok

16:06:07.0529 2348 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:06:07.0529 2348 Arp1394 - ok

16:06:07.0544 2348 asc - ok

16:06:07.0560 2348 asc3350p - ok

16:06:07.0591 2348 asc3550 - ok

16:06:07.0654 2348 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

16:06:07.0654 2348 ASPI32 - ok

16:06:07.0716 2348 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:06:07.0716 2348 AsyncMac - ok

16:06:07.0748 2348 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:06:07.0748 2348 atapi - ok

16:06:07.0763 2348 Atdisk - ok

16:06:07.0810 2348 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:06:07.0810 2348 Atmarpc - ok

16:06:08.0029 2348 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:06:08.0029 2348 audstub - ok

16:06:08.0076 2348 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:06:08.0076 2348 Beep - ok

16:06:08.0263 2348 catchme - ok

16:06:08.0498 2348 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:06:08.0498 2348 cbidf2k - ok

16:06:08.0544 2348 cd20xrnt - ok

16:06:08.0623 2348 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:06:08.0623 2348 Cdaudio - ok

16:06:08.0701 2348 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:06:08.0716 2348 Cdfs - ok

16:06:08.0748 2348 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:06:08.0748 2348 Cdrom - ok

16:06:08.0763 2348 Changer - ok

16:06:08.0810 2348 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:06:08.0810 2348 CmBatt - ok

16:06:08.0841 2348 CmdIde - ok

16:06:08.0857 2348 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

16:06:08.0857 2348 Compbatt - ok

16:06:08.0904 2348 Cpqarray - ok

16:06:08.0919 2348 dac2w2k - ok

16:06:08.0951 2348 dac960nt - ok

16:06:08.0982 2348 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:06:08.0982 2348 Disk - ok

16:06:09.0060 2348 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:06:09.0091 2348 dmboot - ok

16:06:09.0373 2348 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:06:09.0404 2348 dmio - ok

16:06:09.0419 2348 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:06:09.0419 2348 dmload - ok

16:06:09.0466 2348 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:06:09.0466 2348 DMusic - ok

16:06:09.0498 2348 dpti2o - ok

16:06:09.0529 2348 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:06:09.0529 2348 drmkaud - ok

16:06:09.0591 2348 EMSCR (66029e6c4b19223c24d8710eed3aaeab) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys

16:06:09.0607 2348 EMSCR - ok

16:06:09.0716 2348 ESDCR (9f0fa60836e1d1148cc0c1b6e67aa6f7) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys

16:06:09.0716 2348 ESDCR - ok

16:06:09.0841 2348 ESMCR (d9da881be71b74b328471ccf28b5f0a9) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

16:06:09.0841 2348 ESMCR - ok

16:06:09.0951 2348 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:06:09.0951 2348 Fastfat - ok

16:06:09.0998 2348 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

16:06:10.0013 2348 Fdc - ok

16:06:10.0029 2348 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:06:10.0044 2348 Fips - ok

16:06:10.0060 2348 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

16:06:10.0060 2348 Flpydisk - ok

16:06:10.0138 2348 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:06:10.0154 2348 FltMgr - ok

16:06:10.0388 2348 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:06:10.0388 2348 Fs_Rec - ok

16:06:10.0419 2348 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:06:10.0419 2348 Ftdisk - ok

16:06:10.0498 2348 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

16:06:10.0498 2348 GEARAspiWDM - ok

16:06:10.0560 2348 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:06:10.0560 2348 Gpc - ok

16:06:10.0607 2348 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

16:06:10.0607 2348 HDAudBus - ok

16:06:10.0669 2348 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:06:10.0669 2348 HidUsb - ok

16:06:10.0685 2348 hpn - ok

16:06:10.0779 2348 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:06:10.0794 2348 HTTP - ok

16:06:11.0013 2348 i2omgmt - ok

16:06:11.0029 2348 i2omp - ok

16:06:11.0107 2348 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:06:11.0107 2348 i8042prt - ok

16:06:11.0310 2348 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

16:06:11.0341 2348 ialm - ok

16:06:11.0638 2348 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:06:11.0638 2348 Imapi - ok

16:06:11.0669 2348 ini910u - ok

16:06:12.0060 2348 IntcAzAudAddService (7385944d4f025bd8c498bfd97981e336) C:\WINDOWS\system32\drivers\RtkHDAud.sys

16:06:12.0404 2348 IntcAzAudAddService - ok

16:06:12.0638 2348 IntelIde - ok

16:06:12.0716 2348 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:06:12.0716 2348 intelppm - ok

16:06:12.0763 2348 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:06:12.0763 2348 Ip6Fw - ok

16:06:12.0794 2348 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:06:12.0794 2348 IpFilterDriver - ok

16:06:12.0841 2348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:06:12.0841 2348 IpInIp - ok

16:06:12.0904 2348 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:06:12.0904 2348 IpNat - ok

16:06:13.0060 2348 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:06:13.0060 2348 IPSec - ok

16:06:13.0185 2348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:06:13.0201 2348 IRENUM - ok

16:06:13.0310 2348 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:06:13.0310 2348 isapnp - ok

16:06:13.0373 2348 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

16:06:13.0373 2348 Iviaspi - ok

16:06:13.0451 2348 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:06:13.0466 2348 Kbdclass - ok

16:06:13.0482 2348 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:06:13.0498 2348 kbdhid - ok

16:06:13.0560 2348 KLIF (ade4545fe3dd94d2e44678c745477dab) C:\WINDOWS\system32\drivers\klif.sys

16:06:16.0029 2348 KLIF - ok

16:06:16.0279 2348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:06:16.0279 2348 kmixer - ok

16:06:16.0388 2348 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:06:16.0388 2348 KSecDD - ok

16:06:16.0451 2348 L8042Kbd (3c342af6b920d37fd9155877af2b4b4e) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

16:06:16.0451 2348 L8042Kbd - ok

16:06:16.0482 2348 lbrtfdc - ok

16:06:16.0560 2348 LHidKe (952c825c2a3014d4d1648309c42d8718) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

16:06:16.0576 2348 LHidKe - ok

16:06:16.0638 2348 LHidUsbK (01b150189a1406a67a9489f8c3ee6c23) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys

16:06:16.0638 2348 LHidUsbK - ok

16:06:16.0873 2348 LMouKE (bb9cc32385c3320074009fe4b9b3b3b6) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

16:06:16.0888 2348 LMouKE - ok

16:06:16.0904 2348 MBAMSwissArmy - ok

16:06:16.0982 2348 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

16:06:16.0982 2348 meiudf - ok

16:06:17.0029 2348 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

16:06:17.0029 2348 MHNDRV - ok

16:06:17.0060 2348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:06:17.0060 2348 mnmdd - ok

16:06:17.0123 2348 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:06:17.0123 2348 Modem - ok

16:06:17.0154 2348 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:06:17.0169 2348 Mouclass - ok

16:06:17.0263 2348 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:06:17.0279 2348 mouhid - ok

16:06:17.0294 2348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:06:17.0294 2348 MountMgr - ok

16:06:17.0498 2348 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

16:06:17.0498 2348 MpFilter - ok

16:06:17.0607 2348 MpKslcc655b51 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{197F8F5C-7BB4-4950-8670-7F08E85C6FD7}\MpKslcc655b51.sys

16:06:17.0607 2348 MpKslcc655b51 - ok

16:06:17.0638 2348 mraid35x - ok

16:06:17.0701 2348 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:06:17.0716 2348 MRxDAV - ok

16:06:17.0951 2348 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:06:17.0966 2348 MRxSmb - ok

16:06:18.0029 2348 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:06:18.0029 2348 Msfs - ok

16:06:18.0091 2348 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:06:18.0091 2348 MSKSSRV - ok

16:06:18.0169 2348 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:06:18.0185 2348 MSPCLOCK - ok

16:06:18.0216 2348 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:06:18.0216 2348 MSPQM - ok

16:06:18.0326 2348 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:06:18.0326 2348 mssmbios - ok

16:06:18.0544 2348 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:06:18.0544 2348 Mup - ok

16:06:18.0607 2348 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:06:18.0607 2348 NDIS - ok

16:06:18.0669 2348 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:06:18.0685 2348 NdisTapi - ok

16:06:18.0763 2348 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:06:18.0763 2348 Ndisuio - ok

16:06:18.0779 2348 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:06:18.0779 2348 NdisWan - ok

16:06:18.0857 2348 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:06:18.0857 2348 NDProxy - ok

16:06:19.0044 2348 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:06:19.0044 2348 NetBIOS - ok

16:06:19.0107 2348 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:06:19.0107 2348 NetBT - ok

16:06:19.0248 2348 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

16:06:19.0248 2348 Netdevio - ok

16:06:19.0466 2348 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

16:06:19.0513 2348 NETw3x32 - ok

16:06:19.0732 2348 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:06:19.0732 2348 NIC1394 - ok

16:06:19.0810 2348 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:06:19.0810 2348 Npfs - ok

16:06:19.0857 2348 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:06:19.0873 2348 Ntfs - ok

16:06:19.0951 2348 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:06:19.0951 2348 Null - ok

16:06:19.0982 2348 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:06:19.0982 2348 NwlnkFlt - ok

16:06:20.0029 2348 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:06:20.0029 2348 NwlnkFwd - ok

16:06:20.0201 2348 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:06:20.0201 2348 ohci1394 - ok

16:06:20.0341 2348 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

16:06:20.0341 2348 Parport - ok

16:06:20.0373 2348 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:06:20.0373 2348 PartMgr - ok

16:06:20.0404 2348 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

16:06:20.0404 2348 ParVdm - ok

16:06:20.0451 2348 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

16:06:20.0451 2348 PCI - ok

16:06:20.0466 2348 PCIDump - ok

16:06:20.0513 2348 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:06:20.0513 2348 PCIIde - ok

16:06:20.0544 2348 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:06:20.0544 2348 Pcmcia - ok

16:06:20.0560 2348 PDCOMP - ok

16:06:20.0591 2348 PDFRAME - ok

16:06:20.0607 2348 PDRELI - ok

16:06:20.0638 2348 PDRFRAME - ok

16:06:20.0654 2348 perc2 - ok

16:06:20.0685 2348 perc2hib - ok

16:06:20.0748 2348 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

16:06:20.0748 2348 Pfc - ok

16:06:20.0779 2348 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:06:20.0779 2348 PptpMiniport - ok

16:06:21.0138 2348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:06:21.0138 2348 PSched - ok

16:06:21.0404 2348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:06:21.0404 2348 Ptilink - ok

16:06:21.0435 2348 PxHelp20 - ok

16:06:21.0451 2348 ql1080 - ok

16:06:21.0482 2348 Ql10wnt - ok

16:06:21.0498 2348 ql12160 - ok

16:06:21.0529 2348 ql1240 - ok

16:06:21.0544 2348 ql1280 - ok

16:06:21.0591 2348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:06:21.0591 2348 RasAcd - ok

16:06:21.0669 2348 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:06:21.0685 2348 Rasl2tp - ok

16:06:21.0701 2348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:06:21.0701 2348 RasPppoe - ok

16:06:21.0732 2348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:06:21.0732 2348 Raspti - ok

16:06:21.0779 2348 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:06:21.0779 2348 Rdbss - ok

16:06:21.0888 2348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:06:21.0888 2348 RDPCDD - ok

16:06:22.0029 2348 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:06:22.0029 2348 rdpdr - ok

16:06:22.0076 2348 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

16:06:22.0091 2348 RDPWD - ok

16:06:22.0138 2348 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:06:22.0138 2348 redbook - ok

16:06:22.0263 2348 RTLE8023xp (0e74171ee80a8640de564b72dbbb397b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

16:06:22.0263 2348 RTLE8023xp - ok

16:06:22.0341 2348 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys

16:06:22.0388 2348 s24trans - ok

16:06:22.0513 2348 SASKUTIL - ok

16:06:22.0779 2348 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

16:06:22.0779 2348 sdbus - ok

16:06:22.0826 2348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:06:22.0841 2348 Secdrv - ok

16:06:22.0951 2348 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

16:06:22.0951 2348 Serial - ok

16:06:22.0998 2348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:06:22.0998 2348 Sfloppy - ok

16:06:23.0029 2348 Simbad - ok

16:06:23.0060 2348 Sparrow - ok

16:06:23.0091 2348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:06:23.0091 2348 splitter - ok

16:06:23.0169 2348 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

16:06:23.0185 2348 sr - ok

16:06:23.0498 2348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:06:23.0513 2348 Srv - ok

16:06:23.0529 2348 SVRPEDRV - ok

16:06:23.0607 2348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:06:23.0607 2348 swenum - ok

16:06:23.0623 2348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:06:23.0623 2348 swmidi - ok

16:06:23.0669 2348 symc810 - ok

16:06:23.0685 2348 symc8xx - ok

16:06:23.0716 2348 sym_hi - ok

16:06:23.0748 2348 sym_u3 - ok

16:06:23.0826 2348 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys

16:06:23.0826 2348 SynTP - ok

16:06:23.0873 2348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:06:23.0873 2348 sysaudio - ok

16:06:24.0138 2348 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys

16:06:24.0138 2348 tapvpn - ok

16:06:24.0232 2348 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

16:06:24.0232 2348 tbiosdrv - ok

16:06:24.0326 2348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:06:24.0341 2348 Tcpip - ok

16:06:24.0388 2348 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

16:06:24.0388 2348 TcUsb - ok

16:06:24.0451 2348 tdcmdpst (cc1d7bc6a3632c55ee6d8877e9b936f3) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys

16:06:24.0498 2348 tdcmdpst - ok

16:06:24.0732 2348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:06:24.0748 2348 TDPIPE - ok

16:06:24.0779 2348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:06:24.0779 2348 TDTCP - ok

16:06:24.0841 2348 tdudf (09aa3cf863793f92276b39e74878c386) C:\WINDOWS\system32\DRIVERS\tdudf.sys

16:06:24.0841 2348 tdudf - ok

16:06:24.0919 2348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:06:24.0919 2348 TermDD - ok

16:06:24.0982 2348 TosIde - ok

16:06:25.0044 2348 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

16:06:25.0091 2348 tosrfec - ok

16:06:25.0341 2348 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

16:06:25.0373 2348 TVALD - ok

16:06:25.0435 2348 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys

16:06:25.0513 2348 Tvs - ok

16:06:25.0576 2348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:06:25.0576 2348 Udfs - ok

16:06:25.0607 2348 ultra - ok

16:06:25.0701 2348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:06:25.0716 2348 Update - ok

16:06:25.0982 2348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:06:25.0982 2348 usbccgp - ok

16:06:26.0029 2348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:06:26.0029 2348 usbehci - ok

16:06:26.0091 2348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:06:26.0091 2348 usbhub - ok

16:06:26.0138 2348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:06:26.0138 2348 USBSTOR - ok

16:06:26.0232 2348 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:06:26.0232 2348 usbuhci - ok

16:06:26.0263 2348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:06:26.0263 2348 VgaSave - ok

16:06:26.0279 2348 ViaIde - ok

16:06:26.0326 2348 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

16:06:26.0326 2348 VolSnap - ok

16:06:26.0576 2348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:06:26.0576 2348 Wanarp - ok

16:06:26.0638 2348 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

16:06:26.0638 2348 wanatw - ok

16:06:26.0654 2348 WDICA - ok

16:06:26.0716 2348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:06:26.0732 2348 wdmaud - ok

16:06:26.0873 2348 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:06:26.0873 2348 WudfPf - ok

16:06:26.0919 2348 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

16:06:26.0919 2348 WudfRd - ok

16:06:26.0998 2348 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0

16:06:27.0201 2348 \Device\Harddisk0\DR0 - ok

16:06:27.0201 2348 Boot (0x1200) (a6592f2a48b0a281db0e2bf06cea5495) \Device\Harddisk0\DR0\Partition0

16:06:27.0201 2348 \Device\Harddisk0\DR0\Partition0 - ok

16:06:27.0201 2348 ============================================================

16:06:27.0201 2348 Scan finished

16:06:27.0201 2348 ============================================================

16:06:27.0341 1328 Detected object count: 0

16:06:27.0341 1328 Actual detected object count: 0
  • 0

#33
maliprog
Posted 17 December 2011 - 02:18 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi papa_A_D,

Start Internet Explorer and click on Tools then Internet Options.

Ensure that Delete browsing history on exit is un-checked. Also click Settings and see that the Days to keep pages in history is set at 20 days.

Posted Image
  • 0

#34
papa_A_D
Posted 17 December 2011 - 05:15 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
"Start Internet Explorer and click on Tools then Internet Options.
Ensure that Delete browsing history on exit is un-checked. Also click Settings and see that the Days to keep pages in history is set at 20 days."

I don't have the "Delete browsing history on exit" available there. I did a Print Screen on the what's going on with the Favorites Center history problem, but I can't seem to attach or cut & paste it to a Reply. It would clear up the mystery a little bit. How can I get this JPG file to you, maliprog?

papa_A_D
  • 0

#35
papa_A_D
Posted 17 December 2011 - 05:17 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Got it!

Attached Thumbnails

  • ie history.JPG

  • 0

#36
maliprog
Posted 18 December 2011 - 06:27 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try this.

Start Internet Explorer and click on Tools then Internet Options.
Click on Advanced tab and press Reset... button.
Make sure that Delete personal setting IS NOT SELECTED.
Press Reset button.

Restart your IE and see if it works now.
  • 0

#37
papa_A_D
Posted 18 December 2011 - 07:12 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Sorry, maliprog, but my ie7 doesn't have a Delete personal settings check box anywhere in the Reset Internet Explorer window. I've looked all around the Internet Options window tabs for something similar but with no help. What the heck is the name of this bug or bugs I acquired? By the way, you have all the patience in the world to be able to continue with this mess. Now what? Thanks...

papa_A_D
  • 0

#38
maliprog
Posted 19 December 2011 - 12:15 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi papa_A_D,

Let's try to install new version Internet Explorer 8.

Please download and install IE 8 from Here. Let me know if you still have any problems after this.
  • 0

#39
papa_A_D
Posted 20 December 2011 - 04:04 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
ok, I'll give it a shot...standby

papa_A_D_
  • 0

#40
papa_A_D
Posted 20 December 2011 - 08:58 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi...I've installed IE 8 and re-booted as you asked. I don't believe it installed, maliprog. Nothing seems to have changed. The About Internet Explorer file from the Help tab still reads the same Version - 7.0.5730 sp3. What now? By the way, whenever this finishes, I really want to know what bug(s) we've been dealing with. Thanks,

papa_A_D

Edited by papa_A_D, 20 December 2011 - 09:12 PM.

  • 0

Advertisements

#41
maliprog
Posted 21 December 2011 - 01:12 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi papa_A_D,

That is strange... Let's see where we stand now.

Step 1

Please ZIP this file

C:\Temp\aswMBR\MBR.dat

and attach it to your next reply.

Step 2

Please delete your version of Combofix and download new one.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Delete your version of TDSSKiller and download new one.

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 4

Please don't forget to include these items in your reply:

  • MBR.dat
  • Combofix log
  • TDSSKiller log
It would be helpful if you could post each log in separate post
  • 0

#42
papa_A_D
Posted 21 December 2011 - 03:49 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Step 1 is attached
Step 2: Here is the Combo log:

ComboFix 11-12-21.02 - Hemphill 12/21/2011 14:36:53.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.177 [GMT -8:00]
Running from: c:\documents and settings\Hemphill\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hemphill\Desktop\Explorer XP.exe
c:\documents and settings\Hemphill\Local Settings\Application Data\assembly\tmp
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 02:24 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03686EA9-E2C8-4DF7-AEDB-E7A9A3CB8F50}\mpengine.dll
2011-12-16 06:05 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 04:35 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-15 20:44 . 2011-12-15 20:44 -------- d-----w- C:\_OTL
2011-12-15 01:32 . 2011-12-15 01:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-12 07:47 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-12-12 07:47 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-12-12 07:46 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-02 01:05 . 2011-12-02 00:20 302592 ----a-w- C:\is7cwtxh.exe
2011-11-22 03:44 . 2011-11-22 03:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-22 03:43 . 2011-11-22 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 04:11 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-11-23 13:25 . 2006-07-19 00:48 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 07:45 . 2006-07-19 23:24 114688 ----a-w- c:\windows\system32\TODDSrv.exe
2011-11-08 02:19 . 2006-11-03 03:40 174656 ----a-w- c:\windows\system32\PSIService.exe
2011-11-08 00:51 . 2006-07-19 23:11 114688 ----a-w- c:\windows\system32\DVDRAMSV.exe
2011-11-02 22:51 . 2008-04-19 04:22 36864 ----a-w- c:\windows\system32\acs.exe
2011-11-01 16:07 . 2006-07-19 00:47 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2006-07-19 00:48 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2006-07-19 00:47 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2006-07-19 00:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2006-07-19 00:46 17408 ------w- c:\windows\system32\corpol.dll
2011-10-31 20:57 . 2006-07-19 00:47 389120 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2006-07-19 00:46 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-03 23:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-15 01:38 . 2006-07-19 00:47 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-07-19 02:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-07-19 00:46 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 19:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 19:41 . 2006-07-19 00:47 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 19:41 . 2006-07-19 00:47 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hemphill^Start Menu^Programs^Startup^DING!.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hemphill^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hemphill^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2006-04-26 00:57 299008 -c--a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-07-22 19:03 425984 -c--a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 09:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 22:08 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2005-12-06 05:06 1077322 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 00:37 151552 -c--a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-01 20:02 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-06 04:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-02 23:02 761948 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 07:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 04:00 282624 ----a-w- c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 19:11 73728 -c--a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Barnes & Noble\\NOOKstudy\\NOOKstudy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 10:50 AM 98816]
S1 MpKslc33e629a;MpKslc33e629a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{197F8F5C-7BB4-4950-8670-7F08E85C6FD7}\MpKslc33e629a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{197F8F5C-7BB4-4950-8670-7F08E85C6FD7}\MpKslc33e629a.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-06 00:51]
.
2011-12-21 c:\windows\Tasks\User_Feed_Synchronization-{A00C3A91-1B39-4F57-A4C7-6A0B0F8DC435}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: wordpress.com
Trusted Zone: wordpress.com\support
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\America Online\ygp3]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin2.wsz]
@DACL=(02 0000)
@SACL=
"Prefs"="mute;False;TrackTimeFormat;0;miniModePrevWidth;1280;miniModePrevHeight;774;currentMetadataIconV11;2"
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\0]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,01,00,00,00,00,00,12,09,00,00,64,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,64,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\1]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,9c,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,9c,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\2]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,02,00,00,00,9c,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,9c,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\3]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,9c,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,9c,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\4]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,9c,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,9c,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\5]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,9c,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,9c,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\6]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,90,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,90,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\7]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,90,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,90,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\8]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,90,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,90,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\9]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,06,00,00,00,00,00,00,00,00,00,9c,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,9c,00,00,00,00,00,00,00,30,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,01,00,00,00,00,00,00,00,aa,4f,28,68,
48,6a,d0,11,8c,78,00,c0,4f,d9,18,b4,0c,03,00,00,e0,0c,00,00,00,00,00,00,1e,\
"Upgrade"=dword:00000001
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0]
@DACL=(02 0000)
@SACL=
"0"=hex:14,00,2e,00,20,20,ec,21,ea,3a,69,10,a2,dd,08,00,2b,30,30,9d,00,00
"MRUListEx"=hex:00,00,00,00,02,00,00,00,04,00,00,00,03,00,00,00,05,00,00,00,01,
00,00,00,ff,ff,ff,ff
"1"=hex:19,00,2f,45,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"NodeSlot"=dword:00000003
"2"=hex:19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"3"=hex:44,00,2e,00,1e,00,02,00,00,00,48,00,65,00,6d,00,70,00,68,00,69,00,6c,
00,6c,00,00,00,00,00,00,00,00,00,00,00,74,1a,59,5e,96,df,d3,48,8d,67,17,33,\
"4"=hex:32,00,2e,00,0c,00,00,00,00,00,00,00,00,00,00,00,00,00,74,1a,59,5e,96,
df,d3,48,8d,67,17,33,bc,ee,28,ba,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,\
"5"=hex:19,00,2f,44,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\1]
@DACL=(02 0000)
"NodeSlot"=dword:0000009d
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\2]
@DACL=(02 0000)
"NodeSlot"=dword:000000a2
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000217
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\4]
@DACL=(02 0000)
"NodeSlot"=dword:00000466
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\0\0\10]
@DACL=(02 0000)
"NodeSlot"=dword:00000449
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\0\0\4]
@DACL=(02 0000)
"NodeSlot"=dword:00000072
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\0\0\5]
@DACL=(02 0000)
"NodeSlot"=dword:00000073
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\0\0\6]
@DACL=(02 0000)
"NodeSlot"=dword:000002be
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\0\0\7]
@DACL=(02 0000)
"0"=hex:5c,00,31,00,00,00,00,00,f3,34,10,15,11,00,53,59,53,54,45,4d,7e,31,00,
00,44,00,03,00,04,00,ef,be,f3,34,40,14,8b,38,01,20,14,00,2e,00,53,00,79,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000334
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\0\0\8]
@DACL=(02 0000)
"NodeSlot"=dword:00000343
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\0\0\9]
@DACL=(02 0000)
"NodeSlot"=dword:00000414
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\0\1]
@DACL=(02 0000)
"0"=hex:42,00,31,00,00,00,00,00,4a,3b,8e,3e,10,00,41,53,43,45,4e,54,7e,31,00,
00,2a,00,03,00,04,00,ef,be,4a,3b,8e,3e,4a,3b,8e,3e,14,00,00,00,41,00,73,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\1]
@DACL=(02 0000)
"0"=hex:58,00,31,00,00,00,00,00,f2,34,89,9b,11,00,53,54,41,52,54,4d,7e,31,00,
00,40,00,03,00,04,00,ef,be,3a,36,97,a1,3a,36,07,b2,14,00,2a,00,53,00,74,00,\
"MRUListEx"=hex:06,00,00,00,10,00,00,00,01,00,00,00,0a,00,00,00,00,00,00,00,0e,
00,00,00,08,00,00,00,16,00,00,00,14,00,00,00,0c,00,00,00,02,00,00,00,15,00,\
"1"=hex:56,00,31,00,00,00,00,00,3a,36,b9,a1,11,00,46,41,56,4f,52,49,7e,31,00,
00,3e,00,03,00,04,00,ef,be,3a,36,97,a1,3a,36,8a,b8,14,00,28,00,46,00,61,00,\
"NodeSlot"=dword:00000051
"2"=hex:40,00,31,00,00,00,00,00,3a,36,4c,be,11,00,4d,59,4d,55,53,49,7e,31,00,
00,28,00,03,00,04,00,ef,be,3a,36,4c,be,3a,36,4c,be,14,00,00,00,4d,00,79,00,\
"3"=hex:46,00,31,00,00,00,00,00,3a,36,f8,bb,10,00,44,41,44,27,53,46,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3a,36,bb,ba,3a,36,f8,bb,14,00,00,00,44,00,61,00,\
"4"=hex:3c,00,31,00,00,00,00,00,3a,36,24,bd,14,00,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,3a,36,97,a1,3a,36,24,bd,14,00,00,00,43,00,6f,00,6f,00,\
"5"=hex:3c,00,31,00,00,00,00,00,3a,36,6c,bb,10,00,46,75,74,75,72,65,73,00,26,
00,03,00,04,00,ef,be,3a,36,66,bb,3b,36,f2,00,14,00,00,00,46,00,75,00,74,00,\
"6"=hex:64,00,31,00,00,00,00,00,3a,36,59,bf,11,00,4d,59,44,4f,43,55,7e,31,00,
00,30,00,03,00,04,00,ef,be,3a,36,97,a1,3b,36,37,36,14,00,00,00,4d,00,79,00,\
"7"=hex:36,00,31,00,00,00,00,00,3e,36,c0,04,10,00,61,64,76,66,6e,00,22,00,03,
00,04,00,ef,be,3e,36,bd,04,3f,36,75,75,14,00,00,00,61,00,64,00,76,00,66,00,\
"8"=hex:4c,00,31,00,00,00,00,00,3b,36,6b,00,12,00,4c,4f,43,41,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,3a,36,97,a1,54,36,c0,12,14,00,00,00,4c,00,6f,00,\
"9"=hex:40,00,31,00,00,00,00,00,69,36,9a,3a,10,00,66,6c,65,78,64,6f,63,6b,00,
00,28,00,03,00,04,00,ef,be,69,36,9a,3a,6a,36,a9,10,14,00,00,00,66,00,6c,00,\
"10"=hex:3c,00,31,00,00,00,00,00,6d,36,cb,28,10,00,44,65,73,6b,74,6f,70,00,26,
00,03,00,04,00,ef,be,3a,36,97,a1,6d,36,cb,28,14,00,00,00,44,00,65,00,73,00,\
"11"=hex:36,00,31,00,00,00,00,00,6a,36,ec,96,10,00,65,74,70,72,6f,00,22,00,03,
00,04,00,ef,be,69,36,98,3a,6d,36,79,1f,14,00,00,00,65,00,74,00,70,00,72,00,\
"12"=hex:3a,00,31,00,00,00,00,00,b2,36,46,3b,13,00,52,65,63,65,6e,74,00,00,24,
00,03,00,04,00,ef,be,3a,36,97,a1,b2,36,46,3b,14,00,00,00,52,00,65,00,63,00,\
"13"=hex:42,00,31,00,00,00,00,00,f2,34,89,9b,12,00,50,52,49,4e,54,48,7e,31,00,
00,2a,00,03,00,04,00,ef,be,3a,36,97,a1,b2,36,0a,1c,14,00,00,00,50,00,72,00,\
"14"=hex:3c,00,31,00,00,00,00,00,f4,34,f2,02,10,00,57,49,4e,44,4f,57,53,00,26,
00,03,00,04,00,ef,be,3a,36,97,a1,d8,36,3d,31,14,00,00,00,57,00,49,00,4e,00,\
"15"=hex:40,00,31,00,00,00,00,00,3c,36,50,31,14,00,55,73,65,72,44,61,74,61,00,
00,28,00,03,00,04,00,ef,be,3c,36,50,31,f7,36,4b,1b,14,00,00,00,55,00,73,00,\
"16"=hex:44,00,31,00,00,00,00,00,f8,36,78,13,10,00,49,4e,43,4f,4d,50,7e,31,00,
00,2c,00,03,00,04,00,ef,be,f8,36,07,13,f8,36,78,13,14,00,00,00,49,00,6e,00,\
"17"=hex:3c,00,31,00,00,00,00,00,4d,36,f6,ab,12,00,4e,65,74,48,6f,6f,64,00,26,
00,03,00,04,00,ef,be,3a,36,97,a1,f8,36,d5,13,14,00,00,00,4e,00,65,00,74,00,\
"18"=hex:3a,00,31,00,00,00,00,00,f8,36,78,13,10,00,53,68,61,72,65,64,00,00,24,
00,03,00,04,00,ef,be,f8,36,12,13,f8,36,78,13,14,00,00,00,53,00,68,00,61,00,\
"19"=hex:3a,00,31,00,00,00,00,00,8a,36,e6,02,13,00,53,65,6e,64,54,6f,00,00,24,
00,03,00,04,00,ef,be,3a,36,97,a1,04,37,47,90,14,00,00,00,53,00,65,00,6e,00,\
"20"=hex:64,00,31,00,00,00,00,00,15,37,21,12,13,00,41,50,50,4c,49,43,7e,31,00,
00,4c,00,03,00,04,00,ef,be,3a,36,97,a1,19,37,96,06,14,00,36,00,41,00,70,00,\
"21"=hex:56,00,31,00,00,00,00,00,3a,38,f3,85,10,00,53,55,4e,44,4f,57,7e,31,00,
00,3e,00,03,00,04,00,ef,be,3a,38,77,85,42,38,ab,ab,14,00,00,00,2e,00,53,00,\
"22"=hex:34,00,31,00,00,00,00,00,6b,39,14,0e,10,00,74,65,6d,70,00,00,20,00,03,
00,04,00,ef,be,6b,39,14,0e,6b,39,49,23,14,00,00,00,74,00,65,00,6d,00,70,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\2]
@DACL=(02 0000)
"NodeSlot"=dword:000000b4
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,f2,34,89,9b,12,00,4c,4f,43,41,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,f3,34,38,15,54,36,3b,0f,14,00,00,00,4c,00,6f,00,\
"1"=hex:58,00,31,00,00,00,00,00,f2,34,89,9b,11,00,53,54,41,52,54,4d,7e,31,00,
00,40,00,03,00,04,00,ef,be,f3,34,38,15,8b,38,00,20,14,00,2a,00,53,00,74,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\3]
@DACL=(02 0000)
"NodeSlot"=dword:000000d6
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,f2,34,89,9b,12,00,4c,4f,43,41,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,f2,34,89,9b,54,36,3d,0f,14,00,00,00,4c,00,6f,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\4]
@DACL=(02 0000)
"0"=hex:3c,00,31,00,00,00,00,00,48,38,99,a2,16,20,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,f3,34,2e,15,9e,3a,24,26,14,00,00,00,43,00,6f,00,6f,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\1\5]
@DACL=(02 0000)
"0"=hex:3c,00,31,00,00,00,00,00,48,38,50,a7,16,20,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,f3,34,2d,15,9d,3a,2f,42,14,00,00,00,43,00,6f,00,6f,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:4c,00,31,00,00,00,00,00,f3,34,2d,15,12,00,4c,4f,43,41,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,f3,34,2d,15,9e,3a,24,26,14,00,00,00,4c,00,6f,00,\
"NodeSlot"=dword:0000048f
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\10]
@DACL=(02 0000)
"NodeSlot"=dword:00000071
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\11]
@DACL=(02 0000)
"NodeSlot"=dword:0000008a
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\12]
@DACL=(02 0000)
"NodeSlot"=dword:00000098
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\13]
@DACL=(02 0000)
"NodeSlot"=dword:00000099
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,3b,36,72,02,10,00,48,65,6c,70,00,00,20,00,03,
00,04,00,ef,be,3b,36,71,02,70,36,92,0d,14,00,00,00,48,00,65,00,6c,00,70,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\14]
@DACL=(02 0000)
"NodeSlot"=dword:000000a8
"MRUListEx"=hex:00,00,00,00,01,00,00,00,ff,ff,ff,ff
"0"=hex:46,00,31,00,00,00,00,00,49,36,69,4c,10,00,49,4e,46,4f,52,4d,7e,31,00,
00,2e,00,03,00,04,00,ef,be,49,36,69,4c,4c,36,ef,2a,14,00,00,00,69,00,6e,00,\
"1"=hex:34,00,31,00,00,00,00,00,42,37,12,94,10,00,68,65,6c,70,00,00,20,00,03,
00,04,00,ef,be,49,36,69,4c,42,37,12,94,14,00,00,00,68,00,65,00,6c,00,70,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\15]
@DACL=(02 0000)
"NodeSlot"=dword:000000e3
"MRUListEx"=hex:03,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,3c,36,01,1d,10,00,56,53,66,6c,65,78,37,00,26,
00,03,00,04,00,ef,be,3c,36,01,1d,8b,38,03,20,14,00,00,00,56,00,53,00,66,00,\
"1"=hex:3a,00,31,00,00,00,00,00,3c,36,28,1d,10,00,56,53,4f,43,58,36,00,00,24,
00,03,00,04,00,ef,be,3c,36,28,1d,8b,38,03,20,14,00,00,00,56,00,53,00,4f,00,\
"2"=hex:40,00,31,00,00,00,00,00,3c,36,48,1d,10,00,56,53,53,50,45,4c,4c,36,00,
00,28,00,03,00,04,00,ef,be,3c,36,48,1d,8b,38,03,20,14,00,00,00,56,00,53,00,\
"3"=hex:3c,00,31,00,00,00,00,00,3c,36,54,1d,10,00,56,73,56,49,45,57,36,00,26,
00,03,00,04,00,ef,be,3c,36,52,1d,8b,38,c7,2b,14,00,00,00,56,00,73,00,56,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\16]
@DACL=(02 0000)
"NodeSlot"=dword:000000e4
"MRUListEx"=hex:02,00,00,00,03,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:30,00,31,00,00,00,00,00,3c,36,72,1a,10,00,42,49,4e,00,1e,00,03,00,04,
00,ef,be,3c,36,70,1a,54,36,31,b2,14,00,00,00,42,00,49,00,4e,00,00,00,12,00,\
"1"=hex:40,00,31,00,00,00,00,00,3c,36,81,1a,10,00,45,58,41,4d,50,4c,45,53,00,
00,28,00,03,00,04,00,ef,be,3c,36,7b,1a,54,36,36,b2,14,00,00,00,45,00,58,00,\
"2"=hex:3a,00,31,00,00,00,00,00,3c,36,6f,1a,10,00,49,4d,41,47,45,53,00,00,24,
00,03,00,04,00,ef,be,3c,36,6e,1a,63,36,db,7b,14,00,00,00,49,00,4d,00,41,00,\
"3"=hex:34,00,31,00,00,00,00,00,3c,36,87,1a,10,00,48,45,4c,50,00,00,20,00,03,
00,04,00,ef,be,3c,36,83,1a,48,38,64,03,14,00,00,00,48,00,45,00,4c,00,50,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\17]
@DACL=(02 0000)
"NodeSlot"=dword:00000127
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\18]
@DACL=(02 0000)
"0"=hex:40,00,31,00,00,00,00,00,00,00,00,00,10,00,48,65,6d,70,68,69,6c,6c,00,
00,28,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,14,00,00,00,48,00,65,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\19]
@DACL=(02 0000)
"0"=hex:3c,00,31,00,00,00,00,00,3d,36,53,15,10,00,44,72,69,76,65,72,73,00,26,
00,03,00,04,00,ef,be,3d,36,53,15,96,36,a5,a5,14,00,00,00,44,00,72,00,69,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000341
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\0\0]
@DACL=(02 0000)
"0"=hex:4a,00,31,00,00,00,00,00,b3,3c,96,ab,10,00,50,52,4f,47,52,41,7e,31,00,
00,32,00,03,00,04,00,ef,be,b3,3c,96,ab,b3,3c,96,ab,14,00,00,00,70,00,72,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\10]
@DACL=(02 0000)
"NodeSlot"=dword:00000507
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\2]
@DACL=(02 0000)
"NodeSlot"=dword:00000068
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000097
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\4]
@DACL=(02 0000)
"0"=hex:ef,00,31,00,00,00,00,00,49,36,98,64,10,00,73,68,61,72,65,64,00,00,24,
00,03,00,04,00,ef,be,f3,34,bd,14,18,37,0d,98,14,00,00,00,73,00,68,00,61,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\5]
@DACL=(02 0000)
"NodeSlot"=dword:00000296
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\6]
@DACL=(02 0000)
"NodeSlot"=dword:000002c1
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\7]
@DACL=(02 0000)
"NodeSlot"=dword:00000344
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\8]
@DACL=(02 0000)
"NodeSlot"=dword:0000035e
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:46,00,31,00,00,00,00,00,de,38,f2,12,10,00,43,4f,4e,46,4c,49,43,54,2e,
31,00,00,2c,00,03,00,04,00,ef,be,de,38,ee,12,de,38,f2,12,14,00,00,00,43,00,\
"1"=hex:36,00,31,00,00,00,00,00,62,36,d6,31,10,00,57,65,62,45,78,00,22,00,03,
00,04,00,ef,be,62,36,d6,31,d6,38,50,1d,14,00,00,00,57,00,65,00,62,00,45,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\2\9]
@DACL=(02 0000)
"NodeSlot"=dword:0000045b
"MRUListEx"=hex:00,00,00,00,01,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,23,3a,b5,12,10,00,31,2d,32,2d,32,30,30,39,00,
00,28,00,03,00,04,00,ef,be,23,3a,b3,12,4e,3a,08,04,14,00,00,00,31,00,2d,00,\
"1"=hex:42,00,31,00,00,00,00,00,4e,3a,e0,0d,10,00,32,2d,31,33,2d,32,7e,31,00,
00,2a,00,03,00,04,00,ef,be,4e,3a,db,0d,4e,3a,e0,0d,14,00,00,00,32,00,2d,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\20]
@DACL=(02 0000)
"NodeSlot"=dword:000001cd
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\21]
@DACL=(02 0000)
"NodeSlot"=dword:000001d4
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:7c,00,31,00,00,00,00,00,9a,36,94,1c,10,00,7b,39,46,35,46,42,7e,31,00,
00,64,00,03,00,04,00,ef,be,49,36,ce,51,b6,36,00,11,14,00,00,00,7b,00,39,00,\
"1"=hex:34,00,31,00,00,00,00,00,6b,39,92,02,10,00,37,36,2d,68,00,00,20,00,03,
00,04,00,ef,be,6b,39,91,02,6b,39,92,02,14,00,00,00,37,00,36,00,2d,00,68,00,\
"2"=hex:34,00,31,00,00,00,00,00,6b,39,f6,0d,10,00,37,34,2d,68,00,00,20,00,03,
00,04,00,ef,be,6b,39,f4,0d,6b,39,f6,0d,14,00,00,00,37,00,34,00,2d,00,68,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\22]
@DACL=(02 0000)
"NodeSlot"=dword:000001de
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\23]
@DACL=(02 0000)
"NodeSlot"=dword:00000203
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,67,39,3a,04,10,00,37,36,2d,68,00,00,20,00,03,
00,04,00,ef,be,67,39,37,04,67,39,3a,04,14,00,00,00,37,00,36,00,2d,00,68,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\24]
@DACL=(02 0000)
"NodeSlot"=dword:00000208
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,54,36,59,18,10,00,41,63,72,6f,62,61,74,00,26,
00,03,00,04,00,ef,be,54,36,59,18,03,37,c1,16,14,00,00,00,41,00,63,00,72,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\25]
@DACL=(02 0000)
"NodeSlot"=dword:00000210
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\26]
@DACL=(02 0000)
"NodeSlot"=dword:00000293
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:36,00,31,00,00,00,00,00,2e,38,ac,13,10,00,46,6f,72,65,78,00,22,00,03,
00,04,00,ef,be,2e,38,ac,13,31,38,90,2b,14,00,00,00,46,00,6f,00,72,00,65,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\27]
@DACL=(02 0000)
"0"=hex:4c,00,31,00,00,00,00,00,38,38,f2,26,10,00,53,59,53,54,45,4d,7e,31,00,
00,34,00,03,00,04,00,ef,be,38,38,91,26,38,38,f2,26,14,00,00,00,53,00,79,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:000002aa
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\28]
@DACL=(02 0000)
"NodeSlot"=dword:000002af
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\29]
@DACL=(02 0000)
"NodeSlot"=dword:000002cc
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:30,00,31,00,00,00,00,00,4e,38,ae,25,10,00,62,69,6e,00,1e,00,03,00,04,
00,ef,be,48,38,b2,13,4e,38,ae,25,14,00,00,00,62,00,69,00,6e,00,00,00,12,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\30]
@DACL=(02 0000)
"NodeSlot"=dword:000002cd
"MRUListEx"=hex:00,00,00,00,01,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,48,38,e8,13,10,00,46,75,74,75,72,65,73,00,26,
00,03,00,04,00,ef,be,48,38,db,13,48,38,e8,13,14,00,00,00,46,00,75,00,74,00,\
"1"=hex:48,00,31,00,00,00,00,00,48,38,da,13,10,00,46,55,54,55,52,45,7e,31,00,
00,30,00,03,00,04,00,ef,be,48,38,b3,13,48,38,da,13,14,00,00,00,46,00,75,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\31]
@DACL=(02 0000)
"NodeSlot"=dword:000002e6
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3a,00,31,00,00,00,00,00,3f,38,0f,ae,10,00,53,4f,53,36,2e,30,00,00,24,
00,03,00,04,00,ef,be,3f,38,0f,ae,4d,38,0e,16,14,00,00,00,53,00,4f,00,53,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\32]
@DACL=(02 0000)
"NodeSlot"=dword:00000302
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:54,00,31,00,00,00,00,00,66,38,07,9e,10,00,4a,54,52,41,44,45,7e,31,00,
00,3c,00,03,00,04,00,ef,be,66,38,07,9e,66,38,07,9e,14,00,00,00,4a,00,54,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\33]
@DACL=(02 0000)
"NodeSlot"=dword:00000345
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\34]
@DACL=(02 0000)
"NodeSlot"=dword:000003e1
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\35]
@DACL=(02 0000)
"NodeSlot"=dword:000003e2
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\36]
@DACL=(02 0000)
"NodeSlot"=dword:00000446
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\37]
@DACL=(02 0000)
"NodeSlot"=dword:00000452
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,96,39,81,2b,10,00,46,69,78,49,45,44,65,66,00,
00,28,00,03,00,04,00,ef,be,96,39,7b,2b,4a,3a,34,0f,14,00,00,00,46,00,69,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\38]
@DACL=(02 0000)
"NodeSlot"=dword:0000045a
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\39]
@DACL=(02 0000)
"NodeSlot"=dword:0000045e
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,96,39,85,2b,10,00,54,65,6d,70,00,00,20,00,03,
00,04,00,ef,be,96,39,71,2b,4f,3a,b2,02,14,00,00,00,54,00,65,00,6d,00,70,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\40]
@DACL=(02 0000)
"NodeSlot"=dword:0000048a
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\41]
@DACL=(02 0000)
"NodeSlot"=dword:000004bf
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:a4,00,b1,00,00,00,00,00,1f,3b,02,39,16,00,53,2d,31,2d,35,2d,7e,32,00,
00,72,00,03,00,04,00,ef,be,3a,36,34,a2,1f,3b,02,39,14,00,00,00,53,00,2d,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\42]
@DACL=(02 0000)
"NodeSlot"=dword:000004f2
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:36,00,31,00,00,00,00,00,06,3b,5c,59,10,00,61,6d,64,36,34,00,22,00,03,
00,04,00,ef,be,06,3b,5c,59,8a,3b,84,ac,14,00,00,00,61,00,6d,00,64,00,36,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\2\9]
@DACL=(02 0000)
"0"=hex:3c,00,31,00,00,00,00,00,0b,35,1c,a7,10,00,50,69,63,61,73,61,32,00,26,
00,03,00,04,00,ef,be,0b,35,1b,a7,3b,36,ab,1b,14,00,00,00,50,00,69,00,63,00,\
"MRUListEx"=hex:2d,00,00,00,31,00,00,00,6e,00,00,00,2e,00,00,00,24,00,00,00,6d,
00,00,00,20,00,00,00,69,00,00,00,0a,00,00,00,06,00,00,00,14,00,00,00,63,00,\
"NodeSlot"=dword:0000006f
"1"=hex:46,00,31,00,00,00,00,00,f4,34,d2,0e,10,00,4d,63,41,66,65,65,2e,63,6f,
6d,00,00,2c,00,03,00,04,00,ef,be,f4,34,c0,0e,3d,36,e1,0a,14,00,00,00,4d,00,\
"2"=hex:3a,00,31,00,00,00,00,00,f4,34,d5,0e,10,00,4d,63,41,66,65,65,00,00,24,
00,03,00,04,00,ef,be,f4,34,d5,0e,3d,36,e1,0a,14,00,00,00,4d,00,63,00,41,00,\
"3"=hex:4e,00,31,00,00,00,00,00,f3,34,2d,14,10,00,4f,4e,4c,49,4e,45,7e,31,00,
00,36,00,03,00,04,00,ef,be,f3,34,2d,14,3d,36,d5,0d,14,00,00,00,4f,00,6e,00,\
"4"=hex:5c,00,31,00,00,00,00,00,3b,36,21,02,10,00,4f,50,54,49,4f,4e,7e,31,00,
00,44,00,03,00,04,00,ef,be,3b,36,1c,02,3d,36,d6,0d,14,00,00,00,6f,00,70,00,\
"5"=hex:3c,00,31,00,00,00,00,00,3d,36,02,0e,10,00,52,65,67,43,75,72,65,00,26,
00,03,00,04,00,ef,be,3d,36,ad,0d,3d,36,02,0e,14,00,00,00,52,00,65,00,67,00,\
"6"=hex:36,00,31,00,00,00,00,00,f3,34,3c,b8,10,00,6c,74,6d,6f,68,00,22,00,03,
00,04,00,ef,be,f3,34,3c,b8,3d,36,cb,0d,14,00,00,00,6c,00,74,00,6d,00,6f,00,\
"7"=hex:4e,00,31,00,00,00,00,00,f3,34,13,14,10,00,4d,53,4e,47,41,4d,7e,31,00,
00,36,00,03,00,04,00,ef,be,f3,34,13,14,3d,36,d5,0d,14,00,00,00,4d,00,53,00,\
"8"=hex:40,00,31,00,00,00,00,00,3d,36,b6,15,10,00,53,65,74,50,6f,69,6e,74,00,
00,28,00,03,00,04,00,ef,be,3d,36,9a,15,3d,36,6f,20,14,00,00,00,53,00,65,00,\
"9"=hex:48,00,31,00,00,00,00,00,53,36,6e,0b,10,00,51,55,4f,54,45,54,7e,31,00,
00,30,00,03,00,04,00,ef,be,4f,36,96,0a,53,36,1c,14,14,00,00,00,51,00,75,00,\
"10"=hex:3a,00,31,00,00,00,00,00,54,36,4c,04,10,00,69,54,75,6e,65,73,00,00,24,
00,03,00,04,00,ef,be,54,36,3d,04,54,36,6f,0c,14,00,00,00,69,00,54,00,75,00,\
"11"=hex:4a,00,31,00,00,00,00,00,3f,36,31,17,10,00,4d,41,52,4b,45,54,7e,31,00,
00,32,00,03,00,04,00,ef,be,3f,36,31,17,68,36,58,06,14,00,00,00,4d,00,61,00,\
"12"=hex:42,00,31,00,00,00,00,00,66,36,c9,3a,10,00,4d,42,54,52,41,44,7e,31,00,
00,2a,00,03,00,04,00,ef,be,66,36,c9,3a,68,36,70,06,14,00,00,00,4d,00,42,00,\
"13"=hex:42,00,31,00,00,00,00,00,f3,34,2e,18,10,00,4d,45,53,53,45,4e,7e,31,00,
00,2a,00,03,00,04,00,ef,be,f3,34,13,14,68,36,58,06,14,00,00,00,4d,00,65,00,\
"14"=hex:4a,00,31,00,00,00,00,00,5a,36,73,2b,10,00,4f,50,45,4e,49,4e,7e,31,00,
00,32,00,03,00,04,00,ef,be,56,36,2e,1b,68,36,56,06,14,00,00,00,4f,00,70,00,\
"15"=hex:46,00,31,00,00,00,00,00,49,36,54,6c,10,00,54,48,49,4e,4b,4f,7e,31,00,
00,2e,00,03,00,04,00,ef,be,49,36,4a,6c,68,36,58,06,14,00,00,00,74,00,68,00,\
"16"=hex:40,00,31,00,00,00,00,00,3c,36,b3,36,10,00,4c,61,76,61,73,6f,66,74,00,
00,28,00,03,00,04,00,ef,be,3c,36,b3,36,68,36,ec,23,14,00,00,00,4c,00,61,00,\
"17"=hex:3c,00,31,00,00,00,00,00,41,36,23,31,10,00,47,65,6e,65,73,69,73,00,26,
00,03,00,04,00,ef,be,41,36,1b,31,68,36,58,06,14,00,00,00,47,00,65,00,6e,00,\
"18"=hex:4c,00,31,00,00,00,00,00,65,36,27,b8,10,00,48,4f,54,53,50,4f,7e,31,00,
00,34,00,03,00,04,00,ef,be,65,36,1b,b8,70,36,9c,0d,14,00,00,00,48,00,6f,00,\
"19"=hex:46,00,31,00,00,00,00,00,f3,34,3d,be,10,00,45,4e,47,4c,49,53,7e,31,00,
00,2e,00,03,00,04,00,ef,be,f3,34,3c,be,70,36,59,0d,14,00,00,00,45,00,6e,00,\
"20"=hex:4e,00,31,00,00,00,00,00,4a,36,3c,30,10,00,46,55,4c,4c,54,49,7e,31,00,
00,36,00,03,00,04,00,ef,be,3c,36,d0,0e,70,36,99,0d,14,00,00,00,46,00,75,00,\
"21"=hex:42,00,31,00,00,00,00,00,f4,34,c1,05,10,00,47,45,4d,4d,41,53,7e,31,00,
00,2a,00,03,00,04,00,ef,be,f4,34,c0,05,70,36,54,0d,14,00,00,00,47,00,65,00,\
"22"=hex:3c,00,31,00,00,00,00,00,f3,34,73,b9,10,00,44,56,44,2d,52,41,4d,00,26,
00,03,00,04,00,ef,be,f3,34,73,b9,70,36,7a,0d,14,00,00,00,44,00,56,00,44,00,\
"23"=hex:7c,00,31,00,00,00,00,00,6e,36,78,43,12,00,49,4e,53,54,41,4c,7e,31,00,
00,64,00,03,00,04,00,ef,be,f3,34,c1,b6,70,36,a0,0d,14,00,00,00,49,00,6e,00,\
"24"=hex:34,00,31,00,00,00,00,00,52,36,ba,ba,10,00,69,6f,6c,6f,00,00,20,00,03,
00,04,00,ef,be,52,36,ba,ba,70,36,70,0c,14,00,00,00,69,00,6f,00,6c,00,6f,00,\
"25"=hex:34,00,31,00,00,00,00,00,f4,34,08,15,10,00,52,65,61,6c,00,00,20,00,03,
00,04,00,ef,be,f4,34,08,15,70,36,ca,0d,14,00,00,00,52,00,65,00,61,00,6c,00,\
"26"=hex:50,00,31,00,00,00,00,00,81,36,e4,2a,10,00,4d,49,43,52,4f,53,7e,32,00,
00,38,00,03,00,04,00,ef,be,f3,34,77,15,81,36,e4,2a,14,00,00,00,4d,00,69,00,\
"27"=hex:4e,00,31,00,00,00,00,00,f4,34,37,13,10,00,4d,49,43,52,4f,53,7e,34,00,
00,36,00,03,00,04,00,ef,be,f4,34,1a,13,8d,36,ca,18,14,00,00,00,4d,00,69,00,\
"28"=hex:64,00,31,00,00,00,00,00,94,36,6a,bf,10,00,4d,49,36,35,44,33,7e,31,00,
00,4c,00,03,00,04,00,ef,be,94,36,6a,bf,94,36,6a,bf,14,00,00,00,4d,00,69,00,\
"29"=hex:34,00,31,00,00,00,00,00,69,36,b6,31,10,00,4a,61,76,61,00,00,20,00,03,
00,04,00,ef,be,f4,34,90,0e,96,36,76,b9,14,00,00,00,4a,00,61,00,76,00,61,00,\
"30"=hex:50,00,31,00,00,00,00,00,4d,36,93,ac,10,00,57,49,46,44,31,46,7e,31,00,
00,38,00,03,00,04,00,ef,be,4d,36,93,ac,97,36,42,0e,14,00,00,00,57,00,69,00,\
"31"=hex:44,00,31,00,00,00,00,00,f3,34,67,14,10,00,4e,45,54,4d,45,45,7e,31,00,
00,2c,00,03,00,04,00,ef,be,f3,34,61,14,97,36,42,0e,14,00,00,00,4e,00,65,00,\
"32"=hex:42,00,31,00,00,00,00,00,f3,34,38,b7,10,00,53,59,4e,41,50,54,7e,31,00,
00,2a,00,03,00,04,00,ef,be,f3,34,38,b7,97,36,42,0e,14,00,00,00,53,00,79,00,\
"33"=hex:34,00,31,00,00,00,00,00,3d,36,c6,10,10,00,44,65,6c,6c,00,00,20,00,03,
00,04,00,ef,be,3d,36,c6,10,97,36,91,24,14,00,00,00,44,00,65,00,6c,00,6c,00,\
"34"=hex:6a,00,31,00,00,00,00,00,9e,36,6a,3e,10,00,53,43,48,41,45,46,7e,31,00,
00,52,00,03,00,04,00,ef,be,9c,36,e4,b1,a1,36,52,1d,14,00,00,00,53,00,63,00,\
"35"=hex:5e,00,31,00,00,00,00,00,3c,36,c3,1b,10,00,4d,49,43,52,4f,53,7e,33,00,
00,46,00,03,00,04,00,ef,be,3c,36,8e,1b,bb,36,34,9d,14,00,00,00,4d,00,69,00,\
"36"=hex:34,00,31,00,00,00,00,00,b7,36,95,2c,10,00,69,50,6f,64,00,00,20,00,03,
00,04,00,ef,be,b7,36,95,2c,bb,36,32,9d,14,00,00,00,69,00,50,00,6f,00,64,00,\
"37"=hex:40,00,31,00,00,00,00,00,f8,36,a1,03,10,00,4d,6f,72,70,68,65,75,73,00,
00,28,00,03,00,04,00,ef,be,f8,36,88,03,f8,36,a2,03,14,00,00,00,4d,00,6f,00,\
"38"=hex:46,00,31,00,00,00,00,00,f8,36,a2,03,10,00,4d,4f,52,50,48,45,7e,31,00,
00,2e,00,03,00,04,00,ef,be,f8,36,a2,03,f8,36,a2,03,14,00,00,00,4d,00,6f,00,\
"39"=hex:40,00,31,00,00,00,00,00,f8,36,f7,12,10,00,4c,69,6d,65,57,69,72,65,00,
00,28,00,03,00,04,00,ef,be,f8,36,f1,12,f8,36,f7,12,14,00,00,00,4c,00,69,00,\
"40"=hex:4c,00,31,00,00,00,00,00,f8,36,50,12,10,00,47,4e,55,54,45,4c,7e,31,00,
00,34,00,03,00,04,00,ef,be,f8,36,63,11,f8,36,50,12,14,00,00,00,47,00,6e,00,\
"41"=hex:52,00,31,00,00,00,00,00,d0,36,a1,4b,10,00,49,4e,54,45,52,4e,7e,31,00,
00,3a,00,03,00,04,00,ef,be,f3,34,5d,14,f8,36,04,0d,14,00,00,00,49,00,6e,00,\
"42"=hex:5a,00,31,00,00,00,00,00,f3,34,41,15,12,00,55,4e,49,4e,53,54,7e,31,00,
00,42,00,03,00,04,00,ef,be,f3,34,41,15,f8,36,f1,13,14,00,00,00,55,00,6e,00,\
"43"=hex:46,00,31,00,00,00,00,00,f3,34,64,14,10,00,4d,4f,56,49,45,4d,7e,31,00,
00,2e,00,03,00,04,00,ef,be,f3,34,1c,14,18,37,95,a2,14,00,00,00,4d,00,6f,00,\
"44"=hex:3a,00,31,00,00,00,00,00,3b,36,a0,1d,10,00,59,61,68,6f,6f,21,00,00,24,
00,03,00,04,00,ef,be,f4,34,0e,12,18,37,95,a2,14,00,00,00,59,00,61,00,68,00,\
"45"=hex:58,00,31,00,00,00,00,00,61,36,39,33,10,00,57,49,4e,44,4f,57,7e,33,00,
00,40,00,03,00,04,00,ef,be,f3,34,24,14,28,37,c4,05,14,00,00,00,57,00,69,00,\
"46"=hex:44,00,31,00,00,00,00,00,1a,37,39,13,10,00,49,4e,43,4f,4d,50,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1a,37,36,13,44,37,a2,b9,14,00,00,00,49,00,6e,00,\
"47"=hex:3a,00,31,00,00,00,00,00,4f,37,2e,a1,10,00,53,68,61,72,65,64,00,00,24,
00,03,00,04,00,ef,be,4e,37,49,2b,4f,37,82,be,14,00,00,00,53,00,68,00,61,00,\
"48"=hex:50,00,31,00,00,00,00,00,8c,37,47,0f,10,00,56,49,52,54,55,41,7e,31,00,
00,38,00,03,00,04,00,ef,be,8c,37,43,0f,8f,37,6c,1c,14,00,00,00,56,00,69,00,\
"49"=hex:5e,00,31,00,00,00,00,00,61,36,39,33,10,00,57,49,34,44,46,36,7e,31,00,
00,46,00,03,00,04,00,ef,be,61,36,39,33,98,37,41,98,14,00,00,00,57,00,69,00,\
"50"=hex:6a,00,31,00,00,00,00,00,2e,38,aa,13,10,00,54,45,43,48,4e,49,7e,31,00,
00,52,00,03,00,04,00,ef,be,2e,38,aa,13,2f,38,dc,2e,14,00,00,00,54,00,65,00,\
"51"=hex:3a,00,31,00,00,00,00,00,30,38,26,a6,10,00,50,4b,57,41,52,45,00,00,24,
00,03,00,04,00,ef,be,30,38,26,a6,30,38,28,a6,14,00,00,00,50,00,4b,00,57,00,\
"52"=hex:52,00,31,00,00,00,00,00,33,38,85,91,10,00,44,41,53,53,41,55,7e,31,00,
00,3a,00,03,00,04,00,ef,be,33,38,85,91,33,38,99,91,14,00,00,00,44,00,61,00,\
"53"=hex:40,00,31,00,00,00,00,00,0b,35,8b,a8,10,00,44,61,74,61,4c,6f,64,65,00,
00,28,00,03,00,04,00,ef,be,0b,35,8b,a8,33,38,22,95,14,00,00,00,44,00,61,00,\
"54"=hex:4e,00,31,00,00,00,00,00,e5,36,63,41,10,00,4d,4f,5a,49,4c,4c,7e,31,00,
00,36,00,03,00,04,00,ef,be,e5,36,29,3e,33,38,22,95,14,00,00,00,4d,00,6f,00,\
"55"=hex:50,00,31,00,00,00,00,00,33,38,8b,90,10,00,4e,4f,42,4c,45,44,7e,31,00,
00,38,00,03,00,04,00,ef,be,31,38,a7,29,33,38,8b,90,14,00,00,00,4e,00,6f,00,\
"56"=hex:3c,00,31,00,00,00,00,00,11,35,8f,8e,10,00,54,4f,53,48,49,42,41,00,26,
00,03,00,04,00,ef,be,f3,34,26,b6,33,38,b3,a1,14,00,00,00,54,00,4f,00,53,00,\
"57"=hex:3a,00,31,00,00,00,00,00,34,38,7a,0d,10,00,48,51,75,6f,74,65,00,00,24,
00,03,00,04,00,ef,be,34,38,65,0d,34,38,0a,1a,14,00,00,00,48,00,51,00,75,00,\
"58"=hex:44,00,31,00,00,00,00,00,34,38,95,9c,10,00,43,4f,4e,56,45,52,7e,31,00,
00,2c,00,03,00,04,00,ef,be,34,38,94,9c,34,38,95,9c,14,00,00,00,43,00,6f,00,\
"60"=hex:36,00,31,00,00,00,00,00,bb,36,b1,a4,10,00,43,6f,72,65,6c,00,22,00,03,
00,04,00,ef,be,9b,36,c1,14,35,38,35,0f,14,00,00,00,43,00,6f,00,72,00,65,00,\
"61"=hex:50,00,31,00,00,00,00,00,37,38,ec,4c,10,00,53,55,50,45,52,41,7e,31,00,
00,38,00,03,00,04,00,ef,be,37,38,8b,44,38,38,81,0d,14,00,00,00,53,00,55,00,\
"62"=hex:40,00,31,00,00,00,00,00,54,36,ec,18,10,00,53,79,6d,61,6e,74,65,63,00,
00,28,00,03,00,04,00,ef,be,54,36,d5,18,38,38,59,0d,14,00,00,00,53,00,79,00,\
"63"=hex:54,00,31,00,00,00,00,00,38,38,af,0d,10,00,53,59,4d,41,4e,54,7e,31,00,
00,3c,00,03,00,04,00,ef,be,54,36,d0,18,38,38,af,0d,14,00,00,00,53,00,79,00,\
"64"=hex:46,00,31,00,00,00,00,00,37,38,99,25,10,00,54,52,45,4e,44,4d,7e,31,00,
00,2e,00,03,00,04,00,ef,be,37,38,99,25,39,38,4f,85,14,00,00,00,54,00,72,00,\
"65"=hex:52,00,31,00,00,00,00,00,39,38,a8,8e,10,00,45,53,45,54,4f,4e,7e,31,00,
00,3a,00,03,00,04,00,ef,be,39,38,45,8e,39,38,a2,8e,14,00,00,00,45,00,73,00,\
"66"=hex:3c,00,31,00,00,00,00,00,37,38,5a,2d,10,00,47,72,69,73,6f,66,74,00,26,
00,03,00,04,00,ef,be,37,38,5a,2d,3b,38,a6,80,14,00,00,00,47,00,72,00,69,00,\
"67"=hex:4a,00,31,00,00,00,00,00,0b,35,0b,aa,10,00,44,45,53,4b,54,4f,7e,31,00,
00,32,00,03,00,04,00,ef,be,0b,35,0b,aa,3b,38,ef,81,14,00,00,00,44,00,65,00,\
"68"=hex:5a,00,31,00,00,00,00,00,6e,36,88,42,10,00,56,41,4c,55,45,4c,7e,31,00,
00,42,00,03,00,04,00,ef,be,6e,36,88,42,3b,38,ef,81,14,00,00,00,56,00,61,00,\
"69"=hex:4c,00,31,00,00,00,00,00,3b,38,0b,5a,10,00,53,50,59,57,41,52,7e,31,00,
00,34,00,03,00,04,00,ef,be,3b,38,07,5a,3b,38,50,8b,14,00,00,00,53,00,70,00,\
"70"=hex:54,00,31,00,00,00,00,00,3e,38,da,05,10,00,52,45,47,49,53,54,7e,31,2e,
30,00,00,3a,00,03,00,04,00,ef,be,3e,38,6d,03,3e,38,95,a3,14,00,00,00,52,00,\
"71"=hex:5c,00,31,00,00,00,00,00,45,38,8d,2e,10,00,42,41,53,45,4d,45,7e,31,00,
00,44,00,03,00,04,00,ef,be,45,38,8d,2e,45,38,8d,2e,14,00,00,00,42,00,61,00,\
"72"=hex:3a,00,31,00,00,00,00,00,92,36,52,29,10,00,43,69,74,72,69,78,00,00,24,
00,03,00,04,00,ef,be,92,36,52,29,48,38,47,03,14,00,00,00,43,00,69,00,74,00,\
"73"=hex:48,00,31,00,00,00,00,00,45,38,92,15,10,00,4d,4c,44,4f,57,4e,7e,31,00,
00,30,00,03,00,04,00,ef,be,44,38,aa,33,47,38,9d,26,14,00,00,00,4d,00,4c,00,\
"74"=hex:4c,00,31,00,00,00,00,00,4d,38,0c,25,10,00,47,45,43,4b,4f,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,4d,38,0c,25,4d,38,0d,25,14,00,00,00,47,00,65,00,\
"75"=hex:40,00,31,00,00,00,00,00,3c,36,c5,1a,10,00,56,42,36,43,43,52,53,45,00,
00,28,00,03,00,04,00,ef,be,3c,36,c3,1a,4d,38,bc,12,14,00,00,00,56,00,42,00,\
"76"=hex:5a,00,31,00,00,00,00,00,5d,38,2b,89,10,00,54,55,4e,45,55,50,7e,31,00,
00,42,00,03,00,04,00,ef,be,3e,38,29,06,5d,38,2b,89,14,00,00,00,54,00,75,00,\
"77"=hex:4e,00,31,00,00,00,00,00,67,38,28,a0,10,00,4d,45,44,49,41,52,7e,31,00,
00,36,00,03,00,04,00,ef,be,36,38,5c,2f,69,38,d6,1c,14,00,00,00,4d,00,65,00,\
"78"=hex:4c,00,31,00,00,00,00,00,69,38,c5,26,10,00,47,49,50,4f,40,55,7e,31,00,
00,34,00,03,00,04,00,ef,be,69,38,c5,26,69,38,c5,26,14,00,00,00,47,00,69,00,\
"79"=hex:4e,00,31,00,00,00,00,00,9c,37,6d,7f,10,00,4d,49,43,52,4f,53,7e,31,2e,
4e,45,54,00,00,32,00,03,00,04,00,ef,be,9c,37,6d,7f,8b,38,1d,1f,14,00,00,00,\
"80"=hex:4c,00,31,00,00,00,00,00,67,38,24,2c,10,00,41,4c,57,49,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,67,38,24,2c,8b,38,c2,2b,14,00,00,00,41,00,6c,00,\
"81"=hex:56,00,31,00,00,00,00,00,66,38,56,9c,10,00,50,41,54,53,4a,54,7e,31,00,
00,3e,00,03,00,04,00,ef,be,64,38,8d,a4,8b,38,c3,2b,14,00,00,00,50,00,41,00,\
"82"=hex:44,00,31,00,00,00,00,00,3a,36,5a,9f,10,00,49,4e,54,45,52,56,7e,31,00,
00,2c,00,03,00,04,00,ef,be,0b,35,30,ac,a2,38,01,2c,14,00,00,00,49,00,6e,00,\
"83"=hex:4a,00,31,00,00,00,00,00,9c,37,d7,2d,10,00,41,43,45,52,45,41,7e,31,00,
00,32,00,03,00,04,00,ef,be,9c,37,d4,2d,a2,38,c1,2c,14,00,00,00,41,00,63,00,\
"84"=hex:50,00,31,00,00,00,00,00,3c,36,f7,1c,10,00,56,49,44,45,4f,53,7e,31,00,
00,38,00,03,00,04,00,ef,be,3c,36,ed,1c,c3,38,db,0b,14,00,00,00,56,00,69,00,\
"85"=hex:30,00,31,00,00,00,00,00,1e,39,85,9b,10,00,44,4e,41,00,1e,00,03,00,04,
00,ef,be,d6,38,50,1c,63,39,81,15,14,00,00,00,44,00,4e,00,41,00,00,00,12,00,\
"86"=hex:3a,00,31,00,00,00,00,00,63,39,64,2c,10,00,57,69,6e,52,41,52,00,00,24,
00,03,00,04,00,ef,be,63,39,50,2b,63,39,64,2c,14,00,00,00,57,00,69,00,6e,00,\
"87"=hex:5c,00,31,00,00,00,00,00,64,39,3d,26,10,00,42,45,41,52,53,48,7e,31,00,
00,44,00,03,00,04,00,ef,be,64,39,3d,26,64,39,3d,26,14,00,00,00,42,00,65,00,\
"88"=hex:c9,00,31,00,00,00,00,00,e8,38,55,1b,10,00,41,64,6f,62,65,00,22,00,03,
00,04,00,ef,be,f4,34,09,07,65,39,d6,3b,14,00,00,00,41,00,64,00,6f,00,62,00,\
"89"=hex:3a,00,31,00,00,00,00,00,65,39,36,2a,10,00,57,69,6e,61,6d,70,00,00,24,
00,03,00,04,00,ef,be,65,39,e0,29,67,39,84,4b,14,00,00,00,57,00,69,00,6e,00,\
"90"=hex:56,00,31,00,00,00,00,00,a8,36,97,0d,10,00,4d,49,43,52,4f,53,7e,31,00,
00,3e,00,03,00,04,00,ef,be,f3,34,bd,14,67,39,77,54,14,00,00,00,6d,00,69,00,\
"91"=hex:36,00,31,00,00,00,00,00,f3,34,bd,14,10,00,78,65,72,6f,78,00,22,00,03,
00,04,00,ef,be,f3,34,bd,14,92,39,50,90,14,00,00,00,78,00,65,00,72,00,6f,00,\
"92"=hex:3a,00,31,00,00,00,00,00,94,39,08,9a,10,00,54,56,41,6e,74,73,00,00,24,
00,03,00,04,00,ef,be,94,39,01,9a,94,39,08,9a,14,00,00,00,54,00,56,00,41,00,\
"93"=hex:64,00,31,00,00,00,00,00,96,39,ea,0b,10,00,4d,41,4c,57,41,52,7e,31,00,
00,4c,00,03,00,04,00,ef,be,96,39,db,0b,99,39,c3,02,14,00,00,00,4d,00,61,00,\
"94"=hex:3c,00,31,00,00,00,00,00,92,39,31,97,10,00,45,53,54,73,6f,66,74,00,26,
00,03,00,04,00,ef,be,92,39,31,97,4d,3a,83,ad,14,00,00,00,45,00,53,00,54,00,\
"95"=hex:30,00,31,00,00,00,00,00,26,3a,dc,91,10,00,4e,4f,53,00,1e,00,03,00,04,
00,ef,be,26,3a,10,2f,4d,3a,63,ae,14,00,00,00,4e,00,4f,00,53,00,00,00,12,00,\
"96"=hex:50,00,31,00,00,00,00,00,4d,3a,94,b3,10,00,41,41,41,53,43,52,7e,31,00,
00,38,00,03,00,04,00,ef,be,4d,3a,94,b3,4d,3a,94,b3,14,00,00,00,41,00,41,00,\
"97"=hex:42,00,31,00,00,00,00,00,4d,3a,cc,b3,10,00,41,44,50,41,52,41,7e,31,00,
00,2a,00,03,00,04,00,ef,be,4d,3a,c3,b3,4d,3a,ce,b3,14,00,00,00,41,00,64,00,\
"98"=hex:3a,00,31,00,00,00,00,00,4d,3a,c3,b3,10,00,44,75,68,69,6b,69,00,00,24,
00,03,00,04,00,ef,be,4d,3a,c3,b3,4d,3a,c3,b3,14,00,00,00,44,00,75,00,68,00,\
"99"=hex:3c,00,31,00,00,00,00,00,93,38,c5,22,10,00,41,74,68,65,72,6f,73,00,26,
00,03,00,04,00,ef,be,93,38,c4,22,57,3a,6f,9e,14,00,00,00,41,00,74,00,68,00,\
"100"=hex:42,00,31,00,00,00,00,00,67,3a,0b,a8,10,00,47,4f,4c,46,4c,4f,7e,31,00,
00,2a,00,03,00,04,00,ef,be,67,3a,0b,a8,69,3a,8e,06,14,00,00,00,47,00,6f,00,\
"101"=hex:30,00,31,00,00,00,00,00,f3,34,0d,14,10,00,4d,53,4e,00,1e,00,03,00,04,
00,ef,be,f3,34,0d,14,75,3a,15,9c,14,00,00,00,4d,00,53,00,4e,00,00,00,12,00,\
"102"=hex:36,00,31,00,00,00,00,00,63,39,c5,44,10,00,45,52,55,4e,54,00,22,00,03,
00,04,00,ef,be,63,39,b9,44,75,3a,15,9c,14,00,00,00,45,00,52,00,55,00,4e,00,\
"103"=hex:5a,00,31,00,00,00,00,00,63,39,0a,45,10,00,4e,54,52,45,47,49,7e,31,00,
00,42,00,03,00,04,00,ef,be,63,39,0a,45,75,3a,15,9c,14,00,00,00,4e,00,54,00,\
"104"=hex:48,00,31,00,00,00,00,00,58,3a,ac,11,10,00,43,4f,4d,4d,4f,4e,7e,31,00,
00,30,00,03,00,04,00,ef,be,f2,34,90,9b,85,3a,6a,09,14,00,00,00,43,00,6f,00,\
"105"=hex:3a,00,31,00,00,00,00,00,92,3a,7a,19,10,20,47,6f,6f,67,6c,65,00,00,24,
00,03,00,04,00,ef,be,f4,34,c4,11,95,3a,35,1f,14,00,00,00,47,00,6f,00,6f,00,\
"106"=hex:62,00,31,00,00,00,00,00,9d,3a,93,40,10,00,4e,4f,54,45,42,4f,7e,31,00,
00,4a,00,03,00,04,00,ef,be,9d,3a,8f,40,9e,3a,fc,23,14,00,00,00,4e,00,6f,00,\
"107"=hex:48,00,31,00,00,00,00,00,3d,38,f2,2b,10,00,53,50,59,57,41,52,7e,32,00,
00,30,00,03,00,04,00,ef,be,3b,38,c6,5a,1a,3b,31,ad,14,00,00,00,53,00,70,00,\
"108"=hex:3a,00,31,00,00,00,00,00,63,3a,11,26,10,00,43,4f,4d,4f,44,4f,00,00,24,
00,03,00,04,00,ef,be,3e,38,fa,a1,2b,3b,27,1d,14,00,00,00,43,00,4f,00,4d,00,\
"109"=hex:3c,00,31,00,00,00,00,00,42,3b,61,34,10,00,42,6f,6e,6a,6f,75,72,00,26,
00,03,00,04,00,ef,be,42,3b,61,34,2c,3c,46,ab,14,00,00,00,42,00,6f,00,6e,00,\
"110"=hex:3a,00,31,00,00,00,00,00,35,3c,45,41,10,00,47,49,4d,50,2d,32,00,00,24,
00,03,00,04,00,ef,be,35,3c,32,41,35,3c,45,41,14,00,00,00,47,00,49,00,4d,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000045
"MRUListEx"=hex:02,00,00,00,03,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff
"0"=hex:5c,00,31,00,00,00,00,00,3a,36,b9,a1,11,00,4d,59,4d,55,53,49,7e,31,00,
00,28,00,03,00,04,00,ef,be,3a,36,97,a1,3a,36,01,aa,14,00,00,00,4d,00,79,00,\
"1"=hex:46,00,31,00,00,00,00,00,3a,36,b4,ae,10,00,4d,59,4e,4f,54,45,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3a,36,b4,ae,3a,36,c5,bc,14,00,00,00,4d,00,79,00,\
"2"=hex:46,00,31,00,00,00,00,00,6e,36,63,41,10,00,44,41,44,27,53,46,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3c,36,99,16,6e,36,96,41,14,00,00,00,44,00,61,00,\
"3"=hex:36,00,31,00,00,00,00,00,9b,36,0d,06,10,00,57,65,62,45,78,00,22,00,03,
00,04,00,ef,be,9b,36,0d,06,18,37,3a,be,14,00,00,00,57,00,65,00,62,00,45,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\4]
@DACL=(02 0000)
"0"=hex:54,00,31,00,00,00,00,00,f3,34,6a,14,11,00,4d,59,4d,55,53,49,7e,31,00,
00,3c,00,03,00,04,00,ef,be,f3,34,5c,14,3a,36,07,b2,14,00,26,00,4d,00,79,00,\
"MRUListEx"=hex:03,00,00,00,00,00,00,00,02,00,00,00,01,00,00,00,ff,ff,ff,ff
"1"=hex:46,00,31,00,00,00,00,00,f3,34,e2,15,10,00,52,45,43,4f,52,44,7e,31,00,
00,2e,00,03,00,04,00,ef,be,f3,34,37,15,3a,36,59,bd,14,00,00,00,52,00,65,00,\
"2"=hex:4a,00,31,00,00,00,00,00,f4,34,d0,14,10,00,41,4f,4c,44,4f,57,7e,31,00,
00,32,00,03,00,04,00,ef,be,f4,34,d0,14,3a,36,93,bd,14,00,00,00,41,00,4f,00,\
"3"=hex:5a,00,31,00,00,00,00,00,f3,34,78,14,11,00,4d,59,50,49,43,54,7e,31,00,
00,42,00,03,00,04,00,ef,be,f3,34,17,14,3a,36,93,bd,14,00,2c,00,4d,00,79,00,\
"NodeSlot"=dword:00000050
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\5]
@DACL=(02 0000)
"0"=hex:84,00,32,00,4e,b3,5a,19,38,36,ca,00,01,00,53,41,56,43,45,5f,7e,32,2e,
5a,49,50,00,00,68,00,03,00,04,00,ef,be,38,36,ca,00,00,00,00,00,14,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1]
@DACL=(02 0000)
@SACL=
"NodeSlot"=dword:00000022
"MRUListEx"=hex:02,00,00,00,00,00,00,00,08,00,00,00,11,00,00,00,09,00,00,00,12,
00,00,00,14,00,00,00,04,00,00,00,18,00,00,00,0d,00,00,00,0e,00,00,00,15,00,\
"0"=hex:40,00,31,00,00,00,00,00,3b,36,0c,00,10,00,4d,59,4d,55,53,49,7e,31,00,
00,28,00,03,00,04,00,ef,be,3a,36,59,bf,3b,36,a7,1b,14,00,00,00,4d,00,79,00,\
"1"=hex:46,00,31,00,00,00,00,00,3a,36,b4,ae,10,00,4d,59,4e,4f,54,45,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3a,36,b4,ae,3b,36,37,36,14,00,00,00,4d,00,79,00,\
"2"=hex:46,00,31,00,00,00,00,00,3c,36,f1,16,10,00,44,41,44,27,53,46,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3c,36,99,16,3c,36,f2,16,14,00,00,00,44,00,61,00,\
"3"=hex:52,00,31,00,00,00,00,00,f4,34,c5,11,10,20,4d,59,47,4f,4f,47,7e,31,00,
00,3a,00,03,00,04,00,ef,be,3a,36,97,a1,3f,36,85,12,14,00,00,00,4d,00,79,00,\
"4"=hex:62,00,31,00,00,00,00,00,3a,36,b9,a1,11,00,4d,59,50,49,43,54,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3a,36,97,a1,50,36,b7,b4,14,00,00,00,4d,00,79,00,\
"5"=hex:68,00,31,00,00,00,00,00,f4,34,55,16,11,00,4d,59,56,49,44,45,7e,31,00,
00,2a,00,03,00,04,00,ef,be,3a,36,97,a1,55,36,58,20,14,00,00,00,4d,00,79,00,\
"6"=hex:4e,00,31,00,00,00,00,00,f8,36,94,03,10,00,4d,4f,52,50,48,45,7e,31,00,
00,36,00,03,00,04,00,ef,be,f8,36,93,03,f8,36,94,03,14,00,00,00,4d,00,6f,00,\
"7"=hex:54,00,31,00,00,00,00,00,f8,36,94,03,10,00,4d,4f,52,50,48,45,7e,32,00,
00,3c,00,03,00,04,00,ef,be,f8,36,94,03,f8,36,94,03,14,00,00,00,4d,00,6f,00,\
"8"=hex:56,00,31,00,00,00,00,00,3f,36,a6,8a,10,00,4d,59,44,49,47,49,7e,31,00,
00,3e,00,03,00,04,00,ef,be,3f,36,a6,8a,f8,36,c5,03,14,00,00,00,4d,00,79,00,\
"9"=hex:48,00,31,00,00,00,00,00,bb,36,ec,a3,10,00,4d,59,50,53,50,46,7e,31,00,
00,30,00,03,00,04,00,ef,be,9b,36,5a,15,fd,36,9c,bd,14,00,00,00,4d,00,79,00,\
"10"=hex:52,00,31,00,00,00,00,00,9b,36,66,15,10,00,4d,59,53,4e,41,50,7e,31,00,
00,3a,00,03,00,04,00,ef,be,9b,36,66,15,04,37,81,99,14,00,00,00,4d,00,79,00,\
"11"=hex:40,00,31,00,00,00,00,00,68,38,68,10,10,00,4c,69,6d,65,57,69,72,65,00,
00,28,00,03,00,04,00,ef,be,68,38,4c,10,68,38,68,10,14,00,00,00,4c,00,69,00,\
"12"=hex:4e,00,31,00,00,00,00,00,69,38,b9,61,14,00,4d,59,44,41,54,41,7e,31,00,
00,36,00,03,00,04,00,ef,be,69,38,b9,61,71,38,1d,36,14,00,00,00,4d,00,79,00,\
"13"=hex:42,00,31,00,00,00,00,00,d6,38,02,b6,10,00,44,4f,57,4e,4c,4f,7e,31,00,
00,2a,00,03,00,04,00,ef,be,d6,38,02,b6,d6,38,02,b6,14,00,00,00,44,00,6f,00,\
"14"=hex:42,00,31,00,00,00,00,00,61,39,10,46,10,00,4d,59,45,42,4f,4f,7e,31,00,
00,2a,00,03,00,04,00,ef,be,3c,36,d3,16,61,39,30,46,14,00,00,00,4d,00,79,00,\
"15"=hex:42,00,31,00,00,00,00,00,64,39,b4,26,10,00,42,45,41,52,53,48,7e,31,00,
00,2a,00,03,00,04,00,ef,be,64,39,b4,26,67,39,31,4c,14,00,00,00,42,00,65,00,\
"16"=hex:36,00,31,00,00,00,00,00,9b,36,0d,06,10,00,57,65,62,45,78,00,22,00,03,
00,04,00,ef,be,9b,36,0d,06,68,39,47,bd,14,00,00,00,57,00,65,00,62,00,45,00,\
"17"=hex:4a,00,31,00,00,00,00,00,6a,39,c5,ad,10,00,43,4c,41,53,53,49,7e,31,00,
00,32,00,03,00,04,00,ef,be,58,37,b2,b8,6a,39,01,ae,14,00,00,00,43,00,6c,00,\
"18"=hex:34,00,31,00,00,00,00,00,b6,38,f3,13,10,00,54,65,6d,70,00,00,20,00,03,
00,04,00,ef,be,41,38,82,2e,6b,39,cc,1b,14,00,00,00,54,00,65,00,6d,00,70,00,\
"19"=hex:3a,00,31,00,00,00,00,00,8d,39,47,27,10,00,41,75,64,69,6f,73,00,00,24,
00,03,00,04,00,ef,be,8d,39,26,27,8d,39,47,27,14,00,00,00,41,00,75,00,64,00,\
"20"=hex:4c,00,31,00,00,00,00,00,8d,39,47,27,10,00,43,4c,41,53,53,49,7e,32,00,
00,34,00,03,00,04,00,ef,be,8d,39,26,27,8d,39,3c,28,14,00,00,00,43,00,6c,00,\
"21"=hex:52,00,31,00,00,00,00,00,64,39,b4,26,10,00,4d,59,52,45,43,45,7e,31,00,
00,3a,00,03,00,04,00,ef,be,64,39,b4,26,93,39,95,1b,14,00,00,00,4d,00,79,00,\
"22"=hex:4e,00,31,00,00,00,00,00,96,39,6a,07,10,00,53,59,53,52,45,53,7e,31,00,
00,36,00,03,00,04,00,ef,be,96,39,53,07,96,39,fa,10,14,00,00,00,53,00,79,00,\
"23"=hex:42,00,31,00,00,00,00,00,67,3a,1a,a8,10,00,47,4f,4c,46,4c,4f,7e,31,00,
00,2a,00,03,00,04,00,ef,be,67,3a,18,a8,69,3a,e4,02,14,00,00,00,47,00,6f,00,\
"24"=hex:3e,00,31,00,00,00,00,00,65,37,ea,28,10,00,4d,59,57,45,42,53,7e,31,00,
00,26,00,03,00,04,00,ef,be,65,37,ea,28,c9,3a,d0,69,14,00,00,00,4d,00,79,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\0]
@DACL=(02 0000)
"NodeSlot"=dword:00000069
"MRUListEx"=hex:01,00,00,00,00,00,00,00,03,00,00,00,02,00,00,00,ff,ff,ff,ff
"0"=hex:48,00,31,00,00,00,00,00,a1,36,8b,1e,10,00,4d,59,50,4c,41,59,7e,31,00,
00,30,00,03,00,04,00,ef,be,a1,36,8b,1e,a1,36,8b,1e,14,00,00,00,4d,00,79,00,\
"1"=hex:3a,00,31,00,00,00,00,00,b7,36,85,2d,10,00,69,54,75,6e,65,73,00,00,24,
00,03,00,04,00,ef,be,54,36,79,0c,04,37,81,99,14,00,00,00,69,00,54,00,75,00,\
"2"=hex:42,00,31,00,00,00,00,00,64,39,b4,26,10,00,42,45,41,52,53,48,7e,31,00,
00,2a,00,03,00,04,00,ef,be,64,39,b4,26,64,39,b4,26,14,00,00,00,42,00,65,00,\
"3"=hex:4a,00,31,00,00,00,00,00,1f,3b,fc,03,10,00,41,4c,42,55,4d,41,7e,31,00,
00,32,00,03,00,04,00,ef,be,1d,3b,dc,33,21,3b,cf,22,14,00,00,00,41,00,6c,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1]
@DACL=(02 0000)
"NodeSlot"=dword:0000006b
"MRUListEx"=hex:01,00,00,00,03,00,00,00,02,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,3a,36,b4,ae,10,00,50,65,72,73,6f,6e,61,6c,00,
00,28,00,03,00,04,00,ef,be,3a,36,b4,ae,3b,36,a7,1b,14,00,00,00,50,00,65,00,\
"1"=hex:3c,00,31,00,00,00,00,00,3a,36,b4,ae,10,00,43,6c,61,73,73,65,73,00,26,
00,03,00,04,00,ef,be,3a,36,b4,ae,03,37,c7,16,14,00,00,00,43,00,6c,00,61,00,\
"2"=hex:40,00,31,00,00,00,00,00,3a,36,b4,ae,10,00,50,72,6f,6a,65,63,74,73,00,
00,28,00,03,00,04,00,ef,be,3a,36,b4,ae,03,37,c7,16,14,00,00,00,50,00,72,00,\
"3"=hex:40,00,31,00,00,00,00,00,91,38,84,a9,10,00,57,68,69,70,6c,61,73,68,00,
00,28,00,03,00,04,00,ef,be,3c,36,a5,16,71,39,ef,3c,14,00,00,00,57,00,68,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\10]
@DACL=(02 0000)
"NodeSlot"=dword:00000209
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\11]
@DACL=(02 0000)
"NodeSlot"=dword:00000305
"MRUListEx"=hex:00,00,00,00,03,00,00,00,01,00,00,00,02,00,00,00,ff,ff,ff,ff
"0"=hex:4e,00,31,00,00,00,00,00,68,38,68,10,10,00,53,54,4f,52,45,50,7e,31,00,
00,36,00,03,00,04,00,ef,be,68,38,68,10,68,38,68,10,14,00,00,00,53,00,74,00,\
"1"=hex:36,00,31,00,00,00,00,00,63,39,5b,be,10,00,53,61,76,65,64,00,22,00,03,
00,04,00,ef,be,5e,39,8d,25,63,39,72,be,14,00,00,00,53,00,61,00,76,00,65,00,\
"2"=hex:44,00,31,00,00,00,00,00,64,39,09,00,10,00,49,4e,43,4f,4d,50,7e,31,00,
00,2c,00,03,00,04,00,ef,be,63,39,13,09,64,39,09,00,14,00,00,00,49,00,6e,00,\
"3"=hex:3a,00,31,00,00,00,00,00,63,39,13,09,10,00,53,68,61,72,65,64,00,00,24,
00,03,00,04,00,ef,be,63,39,13,09,63,39,cd,bb,14,00,00,00,53,00,68,00,61,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\12]
@DACL=(02 0000)
"NodeSlot"=dword:00000320
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\13]
@DACL=(02 0000)
"NodeSlot"=dword:00000356
"MRUListEx"=hex:02,00,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,03,
00,00,00,ff,ff,ff,ff
"0"=hex:44,00,31,00,00,00,00,00,5f,39,a4,4c,10,00,54,48,45,50,52,49,7e,31,00,
00,2c,00,03,00,04,00,ef,be,5f,39,a4,4c,5f,39,a4,4c,14,00,00,00,54,00,68,00,\
"1"=hex:4c,00,31,00,00,00,00,00,5f,39,59,52,10,00,54,48,45,41,52,54,7e,31,00,
00,34,00,03,00,04,00,ef,be,5f,39,59,52,5f,39,59,52,14,00,00,00,54,00,68,00,\
"2"=hex:3a,00,31,00,00,00,00,00,63,39,d0,06,10,00,4d,6f,76,69,65,73,00,00,24,
00,03,00,04,00,ef,be,63,39,d0,06,63,39,81,15,14,00,00,00,4d,00,6f,00,76,00,\
"3"=hex:52,00,31,00,00,00,00,00,63,39,67,2d,10,00,57,49,4e,52,41,52,7e,31,2e,
36,5f,46,00,00,36,00,03,00,04,00,ef,be,63,39,66,2d,63,39,67,2d,14,00,00,00,\
"4"=hex:4c,00,31,00,00,00,00,00,64,39,9b,2a,10,00,41,54,4c,41,53,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,64,39,9b,2a,64,39,a0,2a,14,00,00,00,41,00,74,00,\
"5"=hex:44,00,31,00,00,00,00,00,92,39,24,95,10,00,52,41,52,4d,4f,56,7e,31,00,
00,2c,00,03,00,04,00,ef,be,92,39,24,95,92,39,24,95,14,00,00,00,72,00,61,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\14]
@DACL=(02 0000)
"NodeSlot"=dword:00000372
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,7d,36,5b,8b,10,00,49,6e,74,65,72,6e,65,74,00,
00,28,00,03,00,04,00,ef,be,3c,36,d4,16,61,39,30,46,14,00,00,00,49,00,6e,00,\
"1"=hex:78,00,31,00,00,00,00,00,61,39,59,46,10,00,49,49,4e,48,45,52,7e,31,00,
00,60,00,03,00,04,00,ef,be,3c,36,d5,16,64,39,44,00,14,00,00,00,49,00,20,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\15]
@DACL=(02 0000)
"NodeSlot"=dword:000003b2
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\16]
@DACL=(02 0000)
"NodeSlot"=dword:000003cf
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\17]
@DACL=(02 0000)
"NodeSlot"=dword:000003dc
"MRUListEx"=hex:0f,00,00,00,12,00,00,00,09,00,00,00,00,00,00,00,0d,00,00,00,10,
00,00,00,05,00,00,00,0e,00,00,00,02,00,00,00,04,00,00,00,0c,00,00,00,03,00,\
"0"=hex:44,00,31,00,00,00,00,00,6b,39,5b,bb,10,00,50,48,49,4c,4f,53,7e,31,00,
00,2c,00,03,00,04,00,ef,be,6b,39,d8,ba,6b,39,5b,bb,14,00,00,00,50,00,68,00,\
"1"=hex:44,00,31,00,00,00,00,00,6b,39,ce,bc,10,00,4e,45,57,46,4f,4c,7e,31,00,
00,2c,00,03,00,04,00,ef,be,6b,39,ce,bc,6b,39,ce,bc,14,00,00,00,4e,00,65,00,\
"2"=hex:52,00,31,00,00,00,00,00,6b,39,dd,bc,10,00,44,45,54,45,43,54,7e,31,00,
00,3a,00,03,00,04,00,ef,be,6b,39,dd,bc,6b,39,dd,bc,14,00,00,00,44,00,65,00,\
"3"=hex:42,00,31,00,00,00,00,00,6c,39,13,00,10,00,41,44,56,45,4e,54,7e,31,00,
00,2a,00,03,00,04,00,ef,be,6b,39,12,ba,6c,39,13,00,14,00,00,00,41,00,64,00,\
"4"=hex:4a,00,31,00,00,00,00,00,6b,39,ed,be,10,00,43,52,49,4d,45,46,7e,31,00,
00,32,00,03,00,04,00,ef,be,6b,39,e6,be,6b,39,ed,be,14,00,00,00,43,00,72,00,\
"5"=hex:3a,00,31,00,00,00,00,00,6c,39,43,01,10,00,48,6f,72,72,6f,72,00,00,24,
00,03,00,04,00,ef,be,6c,39,43,01,6c,39,43,01,14,00,00,00,48,00,6f,00,72,00,\
"6"=hex:4e,00,31,00,00,00,00,00,6b,39,16,be,10,00,4d,59,53,54,45,52,7e,32,00,
00,36,00,03,00,04,00,ef,be,6b,39,80,bd,6b,39,16,be,14,00,00,00,4d,00,79,00,\
"7"=hex:42,00,31,00,00,00,00,00,6b,39,bb,ba,10,00,4d,59,53,54,45,52,7e,31,00,
00,2a,00,03,00,04,00,ef,be,6b,39,bb,ba,6b,39,bb,ba,14,00,00,00,4d,00,79,00,\
"8"=hex:50,00,31,00,00,00,00,00,6c,39,c0,00,10,00,48,41,52,56,41,52,7e,31,00,
00,38,00,03,00,04,00,ef,be,6b,39,6a,bf,6c,39,c0,00,14,00,00,00,48,00,61,00,\
"9"=hex:40,00,31,00,00,00,00,00,6b,39,b4,ba,10,00,50,6f,6c,69,74,69,63,73,00,
00,28,00,03,00,04,00,ef,be,6b,39,b4,ba,6b,39,b4,ba,14,00,00,00,50,00,6f,00,\
"10"=hex:4c,00,31,00,00,00,00,00,6c,39,d8,03,10,00,4e,4f,56,45,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,6c,39,d8,03,6c,39,e7,03,14,00,00,00,4e,00,6f,00,\
"11"=hex:54,00,31,00,00,00,00,00,6c,39,0e,04,10,00,4c,49,54,45,52,41,7e,31,00,
00,3c,00,03,00,04,00,ef,be,6c,39,d8,03,6c,39,23,04,14,00,00,00,4c,00,69,00,\
"12"=hex:58,00,31,00,00,00,00,00,6c,39,c0,00,10,00,43,4c,41,53,53,49,7e,31,00,
00,40,00,03,00,04,00,ef,be,6b,39,6a,bf,6c,39,8d,06,14,00,00,00,43,00,6c,00,\
"13"=hex:5c,00,31,00,00,00,00,00,6c,39,0e,04,10,00,4c,49,54,45,52,41,7e,31,00,
00,44,00,03,00,04,00,ef,be,6c,39,d8,03,6c,39,07,07,14,00,00,00,4c,00,69,00,\
"14"=hex:42,00,31,00,00,00,00,00,6c,39,04,03,10,00,45,43,4f,4e,4f,4d,7e,31,00,
00,2a,00,03,00,04,00,ef,be,6c,39,e8,02,6c,39,04,03,14,00,00,00,45,00,63,00,\
"15"=hex:30,00,31,00,00,00,00,00,6c,39,80,03,10,00,57,61,72,00,1e,00,03,00,04,
00,ef,be,6c,39,73,03,6c,39,80,03,14,00,00,00,57,00,61,00,72,00,00,00,12,00,\
"16"=hex:36,00,31,00,00,00,00,00,6c,39,21,09,10,00,48,75,6d,6f,72,00,22,00,03,
00,04,00,ef,be,6c,39,9b,08,6e,39,5d,b8,14,00,00,00,48,00,75,00,6d,00,6f,00,\
"17"=hex:4c,00,31,00,00,00,00,00,6c,39,80,03,10,00,50,4f,4c,49,54,49,7e,31,00,
00,34,00,03,00,04,00,ef,be,6c,39,73,03,6f,39,2f,0c,14,00,00,00,50,00,6f,00,\
"18"=hex:3c,00,31,00,00,00,00,00,6f,39,d2,01,10,00,53,63,69,65,6e,63,65,00,26,
00,03,00,04,00,ef,be,6f,39,c7,01,70,39,39,01,14,00,00,00,53,00,63,00,69,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\18]
@DACL=(02 0000)
"NodeSlot"=dword:000003e3
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,6b,39,27,1c,10,00,37,34,2d,68,00,00,20,00,03,
00,04,00,ef,be,6b,39,25,1c,6b,39,27,1c,14,00,00,00,37,00,34,00,2d,00,68,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\19]
@DACL=(02 0000)
"NodeSlot"=dword:00000404
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\2]
@DACL=(02 0000)
"0"=hex:42,00,31,00,00,00,00,00,3c,36,d4,16,10,00,4d,59,45,42,4f,4f,7e,31,00,
00,2a,00,03,00,04,00,ef,be,3c,36,d3,16,3c,36,d4,16,14,00,00,00,4d,00,79,00,\
"MRUListEx"=hex:14,00,00,00,22,00,00,00,2f,00,00,00,2a,00,00,00,20,00,00,00,02,
00,00,00,2e,00,00,00,23,00,00,00,10,00,00,00,0a,00,00,00,2c,00,00,00,29,00,\
"NodeSlot"=dword:00000084
"1"=hex:48,00,31,00,00,00,00,00,3c,36,a5,16,10,00,57,4f,4f,44,43,41,7e,31,00,
00,30,00,03,00,04,00,ef,be,3c,36,a5,16,3f,36,aa,12,14,00,00,00,57,00,6f,00,\
"2"=hex:3c,00,31,00,00,00,00,00,3c,36,d8,16,10,00,4d,65,64,69,63,61,6c,00,26,
00,03,00,04,00,ef,be,3c,36,d5,16,3f,36,aa,12,14,00,00,00,4d,00,65,00,64,00,\
"3"=hex:3c,00,31,00,00,00,00,00,3c,36,d3,16,10,00,4f,70,74,69,6f,6e,73,00,26,
00,03,00,04,00,ef,be,3c,36,d0,16,3f,36,a9,3b,14,00,00,00,4f,00,70,00,74,00,\
"4"=hex:3c,00,31,00,00,00,00,00,3c,36,e1,16,10,00,46,75,74,75,72,65,73,00,26,
00,03,00,04,00,ef,be,3c,36,dd,16,3f,36,8d,8a,14,00,00,00,46,00,75,00,74,00,\
"5"=hex:40,00,31,00,00,00,00,00,3f,36,4e,8c,10,00,43,75,72,72,65,6e,63,79,00,
00,28,00,03,00,04,00,ef,be,3f,36,01,8c,3f,36,66,a9,14,00,00,00,43,00,75,00,\
"6"=hex:3c,00,31,00,00,00,00,00,3c,36,e1,16,10,00,46,69,6c,74,65,72,73,00,26,
00,03,00,04,00,ef,be,3c,36,e1,16,3f,36,c3,be,14,00,00,00,46,00,69,00,6c,00,\
"7"=hex:3a,00,31,00,00,00,00,00,3c,36,e9,16,10,00,43,61,6e,6e,6f,6e,00,00,24,
00,03,00,04,00,ef,be,3c,36,e8,16,49,36,3a,39,14,00,00,00,43,00,61,00,6e,00,\
"8"=hex:46,00,31,00,00,00,00,00,3c,36,aa,16,10,00,52,45,41,4c,45,53,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3c,36,aa,16,49,36,24,59,14,00,00,00,52,00,65,00,\
"9"=hex:4e,00,31,00,00,00,00,00,3c,36,f0,16,10,00,42,55,53,49,4e,45,7e,31,00,
00,36,00,03,00,04,00,ef,be,3c,36,e9,16,4a,36,b2,2a,14,00,00,00,42,00,75,00,\
"10"=hex:3a,00,31,00,00,00,00,00,3c,36,f2,16,10,00,61,62,6a,6a,61,64,00,00,24,
00,03,00,04,00,ef,be,3c,36,f1,16,4c,36,5b,0e,14,00,00,00,61,00,62,00,6a,00,\
"11"=hex:dc,00,31,00,00,00,00,00,4d,36,5c,bf,10,00,4a,49,4d,43,52,41,7e,31,00,
00,c4,00,03,00,04,00,ef,be,4d,36,5c,bf,54,36,35,b2,14,00,00,00,bb,00,20,00,\
"12"=hex:3a,00,31,00,00,00,00,00,56,36,bd,13,10,00,53,74,6f,63,6b,73,00,00,24,
00,03,00,04,00,ef,be,3c,36,a9,16,56,36,bd,13,14,00,00,00,53,00,74,00,6f,00,\
"13"=hex:a0,00,31,00,00,00,00,00,67,36,8c,30,10,00,44,52,41,41,36,39,7e,31,2e,
4d,41,52,00,00,84,00,03,00,04,00,ef,be,66,36,73,33,69,36,4a,08,14,00,00,00,\
"14"=hex:3c,00,31,00,00,00,00,00,56,36,bd,13,10,00,54,72,61,64,69,6e,67,00,26,
00,03,00,04,00,ef,be,3c,36,a8,16,69,36,b6,12,14,00,00,00,54,00,72,00,61,00,\
"15"=hex:44,00,31,00,00,00,00,00,69,36,37,13,10,00,57,41,4c,4c,53,54,7e,31,00,
00,2c,00,03,00,04,00,ef,be,69,36,37,13,69,36,37,13,14,00,00,00,57,00,61,00,\
"16"=hex:42,00,31,00,00,00,00,00,6e,36,1a,2a,10,00,49,4e,56,45,53,54,7e,31,00,
00,2a,00,03,00,04,00,ef,be,6e,36,1a,2a,6e,36,1a,2a,14,00,00,00,49,00,6e,00,\
"17"=hex:5c,00,31,00,00,00,00,00,56,36,ca,13,10,00,50,41,59,50,41,4c,7e,31,00,
00,44,00,03,00,04,00,ef,be,3c,36,d0,16,6e,36,3d,38,14,00,00,00,50,00,61,00,\
"18"=hex:42,00,31,00,00,00,00,00,6e,36,08,43,10,00,56,41,4c,55,45,4c,7e,31,00,
00,2a,00,03,00,04,00,ef,be,6e,36,37,41,6e,36,08,43,14,00,00,00,56,00,61,00,\
"19"=hex:36,00,31,00,00,00,00,00,56,36,c1,13,10,00,50,6f,6b,65,72,00,22,00,03,
00,04,00,ef,be,3c,36,ab,16,75,36,d4,19,14,00,00,00,50,00,6f,00,6b,00,65,00,\
"20"=hex:42,00,31,00,00,00,00,00,56,36,cf,13,10,00,43,4f,4d,50,55,54,7e,31,00,
00,2a,00,03,00,04,00,ef,be,3c,36,e2,16,7d,36,f5,8a,14,00,00,00,43,00,6f,00,\
"21"=hex:3a,00,31,00,00,00,00,00,56,36,ce,13,10,00,47,72,61,6e,74,73,00,00,24,
00,03,00,04,00,ef,be,3c,36,dd,16,91,36,f2,33,14,00,00,00,47,00,72,00,61,00,\
"22"=hex:44,00,31,00,00,00,00,00,56,36,ce,13,10,00,48,4f,4d,45,2d,42,7e,31,00,
00,2c,00,03,00,04,00,ef,be,3c,36,db,16,94,36,51,26,14,00,00,00,48,00,6f,00,\
"23"=hex:40,00,31,00,00,00,00,00,56,36,bd,13,10,00,57,68,69,70,6c,61,73,68,00,
00,28,00,03,00,04,00,ef,be,3c,36,a5,16,44,37,8e,4d,14,00,00,00,57,00,68,00,\
"24"=hex:ac,00,31,00,00,00,00,00,1a,37,0d,a3,10,00,4d,55,53,49,43,52,7e,31,00,
00,94,00,03,00,04,00,ef,be,1a,37,0c,a3,44,37,8e,4d,14,00,00,00,4d,00,75,00,\
"25"=hex:46,00,31,00,00,00,00,00,4e,37,a7,b4,10,00,43,4f,4d,4d,4f,44,7e,31,00,
00,2e,00,03,00,04,00,ef,be,4e,37,6f,b4,4e,37,a7,b4,14,00,00,00,43,00,6f,00,\
"26"=hex:4c,00,31,00,00,00,00,00,4e,37,fc,bc,10,00,54,52,45,4e,44,46,7e,31,00,
00,34,00,03,00,04,00,ef,be,9b,36,06,1a,4e,37,20,bd,14,00,00,00,54,00,72,00,\
"27"=hex:34,00,31,00,00,00,00,00,5c,37,5c,34,10,00,42,6f,6f,6b,00,00,20,00,03,
00,04,00,ef,be,58,37,b2,b8,61,37,7b,b5,14,00,00,00,42,00,6f,00,6f,00,6b,00,\
"28"=hex:42,00,31,00,00,00,00,00,34,38,03,9b,10,00,4d,45,54,41,53,54,7e,31,00,
00,2a,00,03,00,04,00,ef,be,34,38,b2,9a,34,38,0d,9b,14,00,00,00,4d,00,65,00,\
"29"=hex:4a,00,31,00,00,00,00,00,56,36,cc,13,10,00,4d,41,52,43,48,4d,7e,31,00,
00,32,00,03,00,04,00,ef,be,3c,36,d8,16,35,38,81,00,14,00,00,00,4d,00,61,00,\
"30"=hex:34,00,31,00,00,00,00,00,41,38,82,2e,10,00,54,65,6d,70,00,00,20,00,03,
00,04,00,ef,be,41,38,82,2e,41,38,82,2e,14,00,00,00,54,00,65,00,6d,00,70,00,\
"31"=hex:3c,00,31,00,00,00,00,00,3e,38,35,31,10,00,52,65,73,75,6d,65,73,00,26,
00,03,00,04,00,ef,be,3c,36,aa,16,48,38,ed,30,14,00,00,00,52,00,65,00,73,00,\
"32"=hex:40,00,31,00,00,00,00,00,58,38,5c,1b,10,00,50,69,63,74,75,72,65,73,00,
00,28,00,03,00,04,00,ef,be,58,38,5c,1b,58,38,5c,1b,14,00,00,00,50,00,69,00,\
"33"=hex:44,00,31,00,00,00,00,00,3e,38,34,31,10,00,43,4f,4d,50,54,49,7e,31,00,
00,2c,00,03,00,04,00,ef,be,3c,36,e2,16,88,38,b0,90,14,00,00,00,43,00,6f,00,\
"34"=hex:34,00,31,00,00,00,00,00,3e,38,34,31,10,00,49,72,61,71,00,00,20,00,03,
00,04,00,ef,be,3c,36,d8,16,91,38,e2,6c,14,00,00,00,49,00,72,00,61,00,71,00,\
"35"=hex:40,00,31,00,00,00,00,00,9b,36,5b,92,10,00,57,6f,6f,64,70,69,6c,65,00,
00,28,00,03,00,04,00,ef,be,93,36,bd,1b,cd,38,34,b0,14,00,00,00,57,00,6f,00,\
"36"=hex:44,00,31,00,00,00,00,00,3e,38,35,31,10,00,50,4f,4f,4c,53,2d,7e,31,00,
00,2c,00,03,00,04,00,ef,be,3c,36,aa,16,1c,39,23,79,14,00,00,00,50,00,6f,00,\
"37"=hex:36,00,31,00,00,00,00,00,cd,38,58,b0,10,00,42,6f,6f,6b,73,00,22,00,03,
00,04,00,ef,be,58,37,b2,b8,67,39,3a,4c,14,00,00,00,42,00,6f,00,6f,00,6b,00,\
"38"=hex:4a,00,31,00,00,00,00,00,67,39,f8,5e,10,00,43,4c,41,53,53,49,7e,31,00,
00,32,00,03,00,04,00,ef,be,58,37,b2,b8,67,39,62,6e,14,00,00,00,43,00,6c,00,\
"39"=hex:3a,00,31,00,00,00,00,00,87,39,9d,2c,10,00,41,75,64,69,6f,73,00,00,24,
00,03,00,04,00,ef,be,3c,36,e9,16,87,39,e6,2c,14,00,00,00,41,00,75,00,64,00,\
"40"=hex:52,00,31,00,00,00,00,00,87,39,17,2d,10,00,4d,4f,54,49,56,41,7e,31,00,
00,3a,00,03,00,04,00,ef,be,3c,36,e9,16,8d,39,6c,28,14,00,00,00,4d,00,6f,00,\
"41"=hex:46,00,31,00,00,00,00,00,92,39,70,06,10,00,4d,59,4e,4f,54,45,7e,31,00,
00,2e,00,03,00,04,00,ef,be,3a,36,b4,ae,92,39,f2,06,14,00,00,00,4d,00,79,00,\
"42"=hex:44,00,31,00,00,00,00,00,92,39,86,32,10,00,4d,4f,54,49,56,41,7e,31,00,
00,2c,00,03,00,04,00,ef,be,3c,36,e9,16,93,39,a2,08,14,00,00,00,4d,00,6f,00,\
"43"=hex:5c,00,31,00,00,00,00,00,4a,3a,55,3e,10,00,50,4f,4c,49,54,49,7e,31,00,
00,44,00,03,00,04,00,ef,be,4a,3a,10,3e,4a,3a,55,3e,14,00,00,00,50,00,6f,00,\
"44"=hex:34,00,31,00,00,00,00,00,67,3a,9d,a6,10,00,47,6f,6c,66,00,00,20,00,03,
00,04,00,ef,be,67,3a,9d,a6,67,3a,9d,a6,14,00,00,00,47,00,6f,00,6c,00,66,00,\
"45"=hex:40,00,31,00,00,00,00,00,1d,3b,db,33,11,00,4d,59,4d,55,53,49,7e,31,00,
00,28,00,03,00,04,00,ef,be,1d,3b,51,33,1d,3b,dc,33,14,00,00,00,4d,00,79,00,\
"46"=hex:34,00,31,00,00,00,00,00,0f,3b,31,ba,10,00,42,6c,6f,67,00,00,20,00,03,
00,04,00,ef,be,0f,3b,31,ba,29,3b,2f,39,14,00,00,00,42,00,6c,00,6f,00,67,00,\
"47"=hex:34,00,31,00,00,00,00,00,9d,3c,36,aa,10,00,55,53,4d,43,00,00,20,00,03,
00,04,00,ef,be,9d,3c,51,a7,9d,3c,36,aa,14,00,00,00,55,00,53,00,4d,00,43,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\20]
@DACL=(02 0000)
"NodeSlot"=dword:00000405
"MRUListEx"=hex:03,00,00,00,02,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,8d,39,47,27,10,00,54,48,45,41,52,54,7e,31,00,
00,34,00,03,00,04,00,ef,be,8d,39,43,27,8d,39,66,27,14,00,00,00,54,00,68,00,\
"1"=hex:4c,00,31,00,00,00,00,00,8d,39,4a,27,10,00,41,54,4c,41,53,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,8d,39,47,27,8e,39,25,26,14,00,00,00,41,00,74,00,\
"2"=hex:44,00,31,00,00,00,00,00,8d,39,43,27,10,00,54,48,45,50,52,49,7e,31,00,
00,2c,00,03,00,04,00,ef,be,8d,39,36,27,93,39,97,1b,14,00,00,00,54,00,68,00,\
"3"=hex:4a,00,31,00,00,00,00,00,8c,3a,e0,2a,10,00,43,4c,41,53,53,49,7e,31,00,
00,32,00,03,00,04,00,ef,be,58,37,b2,b8,96,3a,54,06,14,00,00,00,43,00,6c,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\21]
@DACL=(02 0000)
"NodeSlot"=dword:00000418
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\22]
@DACL=(02 0000)
"NodeSlot"=dword:00000433
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\23]
@DACL=(02 0000)
"NodeSlot"=dword:00000468
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,67,3a,1a,a8,10,00,43,6f,75,72,73,65,73,30,00,
00,28,00,03,00,04,00,ef,be,67,3a,1a,a8,67,3a,1a,a8,14,00,00,00,43,00,6f,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\24]
@DACL=(02 0000)
"NodeSlot"=dword:000004a4
"MRUListEx"=hex:03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,65,37,ea,28,10,00,5f,70,72,69,76,61,74,65,00,
00,28,00,03,00,04,00,ef,be,65,37,ea,28,c9,3a,63,4e,14,00,00,00,5f,00,70,00,\
"1"=hex:40,00,31,00,00,00,00,00,65,37,ea,28,12,00,5f,76,74,69,5f,70,76,74,00,
00,28,00,03,00,04,00,ef,be,65,37,ea,28,c9,3a,63,4e,14,00,00,00,5f,00,76,00,\
"2"=hex:40,00,31,00,00,00,00,00,65,37,ea,28,12,00,5f,76,74,69,5f,63,6e,66,00,
00,28,00,03,00,04,00,ef,be,65,37,ea,28,c9,3a,63,4e,14,00,00,00,5f,00,76,00,\
"3"=hex:3a,00,31,00,00,00,00,00,65,37,ea,28,10,00,69,6d,61,67,65,73,00,00,24,
00,03,00,04,00,ef,be,65,37,ea,28,c9,3a,63,4e,14,00,00,00,69,00,6d,00,61,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000086
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\4]
@DACL=(02 0000)
"NodeSlot"=dword:000000aa
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,30,37,f1,a8,10,00,4d,59,4d,55,53,49,7e,31,00,
00,28,00,03,00,04,00,ef,be,3a,36,59,bf,30,37,22,a9,14,00,00,00,4d,00,79,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\5]
@DACL=(02 0000)
"NodeSlot"=dword:000000ef
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:58,00,31,00,00,00,00,00,64,39,8c,3e,10,00,52,45,41,4c,50,4c,7e,31,00,
00,40,00,03,00,04,00,ef,be,5f,39,39,13,27,3b,5c,1e,14,00,00,00,52,00,65,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\6]
@DACL=(02 0000)
"NodeSlot"=dword:000001f6
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\7]
@DACL=(02 0000)
"NodeSlot"=dword:000001f7
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\8]
@DACL=(02 0000)
"NodeSlot"=dword:000001f8
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\9]
@DACL=(02 0000)
"NodeSlot"=dword:00000207
"MRUListEx"=hex:16,00,00,00,17,00,00,00,15,00,00,00,14,00,00,00,13,00,00,00,12,
00,00,00,11,00,00,00,10,00,00,00,0f,00,00,00,0e,00,00,00,0d,00,00,00,0c,00,\
"0"=hex:3c,00,31,00,00,00,00,00,9b,36,5c,15,10,00,42,72,75,73,68,65,73,00,26,
00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,42,00,72,00,75,00,\
"1"=hex:42,00,31,00,00,00,00,00,9b,36,5c,15,10,00,42,55,4d,50,4d,41,7e,31,00,
00,2a,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,42,00,75,00,\
"2"=hex:4a,00,31,00,00,00,00,00,9b,36,5c,15,10,00,43,4d,59,4b,50,52,7e,31,00,
00,32,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,43,00,4d,00,\
"3"=hex:50,00,31,00,00,00,00,00,9b,36,5c,15,10,00,44,45,46,4f,52,4d,7e,31,00,
00,38,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,44,00,65,00,\
"4"=hex:52,00,31,00,00,00,00,00,9b,36,5c,15,10,00,44,49,53,50,4c,41,7e,31,00,
00,3a,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,44,00,69,00,\
"5"=hex:50,00,31,00,00,00,00,00,9b,36,5c,15,10,00,45,4e,56,49,52,4f,7e,31,00,
00,38,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,45,00,6e,00,\
"6"=hex:42,00,31,00,00,00,00,00,9b,36,5c,15,10,00,47,52,41,44,49,45,7e,31,00,
00,2a,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,47,00,72,00,\
"7"=hex:36,00,31,00,00,00,00,00,9b,36,5c,15,10,00,4d,61,73,6b,73,00,22,00,03,
00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,4d,00,61,00,73,00,6b,00,\
"8"=hex:46,00,31,00,00,00,00,00,9b,36,5c,15,10,00,4d,49,58,45,52,50,7e,31,00,
00,2e,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,4d,00,69,00,\
"9"=hex:50,00,31,00,00,00,00,00,9b,36,5c,15,10,00,4d,4f,4e,49,54,4f,7e,31,00,
00,38,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,4d,00,6f,00,\
"10"=hex:40,00,31,00,00,00,00,00,9b,36,5c,15,10,00,50,61,6c,65,74,74,65,73,00,
00,28,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,50,00,61,00,\
"11"=hex:40,00,31,00,00,00,00,00,9b,36,5c,15,10,00,50,61,74,74,65,72,6e,73,00,
00,28,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,50,00,61,00,\
"12"=hex:4c,00,31,00,00,00,00,00,9b,36,5c,15,10,00,50,49,43,54,55,52,7e,32,00,
00,34,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,50,00,69,00,\
"13"=hex:4a,00,31,00,00,00,00,00,9b,36,5c,15,10,00,50,49,43,54,55,52,7e,31,00,
00,32,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,50,00,69,00,\
"14"=hex:4a,00,31,00,00,00,00,00,9b,36,5c,15,10,00,50,52,45,53,45,54,7e,31,00,
00,32,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,50,00,72,00,\
"15"=hex:3c,00,31,00,00,00,00,00,9b,36,5c,15,10,00,50,72,65,73,65,74,73,00,26,
00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,50,00,72,00,65,00,\
"16"=hex:4e,00,31,00,00,00,00,00,9b,36,5c,15,10,00,50,52,49,4e,54,54,7e,31,00,
00,36,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,50,00,72,00,\
"17"=hex:54,00,31,00,00,00,00,00,9b,36,5c,15,10,00,53,43,52,49,50,54,7e,31,00,
00,3c,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,53,00,63,00,\
"18"=hex:4e,00,31,00,00,00,00,00,9b,36,5c,15,10,00,53,43,52,49,50,54,7e,32,00,
00,36,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,53,00,63,00,\
"19"=hex:44,00,31,00,00,00,00,00,9b,36,5c,15,10,00,53,45,4c,45,43,54,7e,31,00,
00,2c,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,53,00,65,00,\
"20"=hex:48,00,31,00,00,00,00,00,9b,36,5c,15,10,00,53,54,59,4c,45,44,7e,31,00,
00,30,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,53,00,74,00,\
"21"=hex:40,00,31,00,00,00,00,00,9b,36,5c,15,10,00,53,77,61,74,63,68,65,73,00,
00,28,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,53,00,77,00,\
"22"=hex:44,00,31,00,00,00,00,00,9b,36,67,15,10,00,57,4f,52,4b,53,50,7e,31,00,
00,2c,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,57,00,6f,00,\
"23"=hex:40,00,31,00,00,00,00,00,9b,36,5c,15,10,00,54,65,78,74,75,72,65,73,00,
00,28,00,03,00,04,00,ef,be,9b,36,5c,15,92,39,2e,bb,14,00,00,00,54,00,65,00,\
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\2]
@DACL=(02 0000)
@SACL=
"NodeSlot"=dword:00000024
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\1]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\10]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\11]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\12]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\13]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\14]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\15]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\16]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\17]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\18]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\19]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\2]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\20]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\21]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\22]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\23]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\24]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\25]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\26]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\27]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\28]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\29]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\3]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\30]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\31]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\32]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\33]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\34]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\35]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\36]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\37]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\38]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\39]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\4]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\40]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\41]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\42]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\43]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\44]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\45]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\46]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\47]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\48]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\49]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\5]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\50]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\51]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\52]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\53]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\54]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\55]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\56]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\57]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\58]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\59]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\6]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\60]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\61]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\62]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\63]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\64]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\65]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\66]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\7]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\8]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-105615621-1584330953-2930943117-1005\Software\Microsoft\Windows\ShellNoRoam\Bags\9]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@SACL=
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\TOSHIBA\Power Saver\Policies]
@DACL=(02 0000)
@SACL=
"MachinePolicies"=hex:01,00,00,00,04,00,00,00,04,00,00,00,04,00,00,00,04,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,32,00,00,02,00,00,00,\
"UserPolicies"=hex:01,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,32,00,00,04,00,00,00,04,\
"ProcessorPolicies"=hex:01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,03,00,
00,00,a0,86,01,00,a0,86,01,00,a0,86,01,00,28,32,00,00,02,00,00,00,a0,86,01,\
.
[HKEY_LOCAL_MACHINE\software\Yahoo\YMP\InstallHistory\1.1.1.026]
@DACL=(02 0000)
@SACL=
@="2006.06.22.1"
"InstallTime"="08/11/06 14:36"
.
Completion time: 2011-12-21 14:52:34
ComboFix-quarantined-files.txt 2011-12-21 22:52
.
Pre-Run: 31,670,501,376 bytes free
Post-Run: 31,646,580,736 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AAEBC0DD6CD55CEF6813AECC3AF44CA4

Attached Files


Edited by papa_A_D, 21 December 2011 - 05:22 PM.

  • 0

#43
papa_A_D
Posted 21 December 2011 - 05:40 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Here is Step 3:

15:34:11.0796 2940 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

15:34:13.0561 2940 ============================================================

15:34:13.0561 2940 Current date / time: 2011/12/21 15:34:13.0561

15:34:13.0561 2940 SystemInfo:

15:34:13.0561 2940

15:34:13.0561 2940 OS Version: 5.1.2600 ServicePack: 3.0

15:34:13.0561 2940 Product type: Workstation

15:34:13.0561 2940 ComputerName: WALLSTREAT

15:34:13.0561 2940 UserName: Hemphill

15:34:13.0561 2940 Windows directory: C:\WINDOWS

15:34:13.0561 2940 System windows directory: C:\WINDOWS

15:34:13.0561 2940 Processor architecture: Intel x86

15:34:13.0561 2940 Number of processors: 2

15:34:13.0561 2940 Page size: 0x1000

15:34:13.0561 2940 Boot type: Normal boot

15:34:13.0561 2940 ============================================================

15:34:16.0030 2940 Initialize success

15:36:39.0436 2884 ============================================================

15:36:39.0436 2884 Scan started

15:36:39.0436 2884 Mode: Manual;

15:36:39.0436 2884 ============================================================

15:36:39.0968 2884 Abiosdsk - ok

15:36:39.0983 2884 abp480n5 - ok

15:36:40.0061 2884 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:36:40.0077 2884 ACPI - ok

15:36:40.0093 2884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

15:36:40.0093 2884 ACPIEC - ok

15:36:40.0124 2884 adpu160m - ok

15:36:40.0171 2884 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:36:40.0171 2884 aec - ok

15:36:40.0233 2884 AegisP (accd563bf09c4659b54143fde633b57d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

15:36:40.0296 2884 AegisP - ok

15:36:40.0374 2884 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:36:40.0390 2884 AFD - ok

15:36:40.0655 2884 AgereSoftModem (4458fcb8a00da31fdcc086449274c40d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

15:36:40.0686 2884 AgereSoftModem - ok

15:36:40.0733 2884 Aha154x - ok

15:36:40.0749 2884 aic78u2 - ok

15:36:40.0765 2884 aic78xx - ok

15:36:40.0796 2884 AliIde - ok

15:36:40.0827 2884 amsint - ok

15:36:40.0874 2884 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:36:40.0874 2884 Arp1394 - ok

15:36:40.0890 2884 asc - ok

15:36:40.0905 2884 asc3350p - ok

15:36:40.0936 2884 asc3550 - ok

15:36:41.0015 2884 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

15:36:41.0015 2884 ASPI32 - ok

15:36:41.0202 2884 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:36:41.0202 2884 AsyncMac - ok

15:36:41.0249 2884 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:36:41.0249 2884 atapi - ok

15:36:41.0265 2884 Atdisk - ok

15:36:41.0311 2884 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:36:41.0311 2884 Atmarpc - ok

15:36:41.0358 2884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:36:41.0358 2884 audstub - ok

15:36:41.0374 2884 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:36:41.0374 2884 Beep - ok

15:36:41.0577 2884 catchme - ok

15:36:41.0655 2884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:36:41.0655 2884 cbidf2k - ok

15:36:41.0671 2884 cd20xrnt - ok

15:36:41.0733 2884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:36:41.0733 2884 Cdaudio - ok

15:36:41.0890 2884 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:36:41.0890 2884 Cdfs - ok

15:36:41.0952 2884 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:36:41.0952 2884 Cdrom - ok

15:36:41.0983 2884 Changer - ok

15:36:42.0030 2884 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

15:36:42.0046 2884 CmBatt - ok

15:36:42.0061 2884 CmdIde - ok

15:36:42.0077 2884 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

15:36:42.0077 2884 Compbatt - ok

15:36:42.0124 2884 Cpqarray - ok

15:36:42.0140 2884 dac2w2k - ok

15:36:42.0171 2884 dac960nt - ok

15:36:42.0202 2884 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:36:42.0202 2884 Disk - ok

15:36:42.0280 2884 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:36:42.0311 2884 dmboot - ok

15:36:42.0374 2884 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:36:42.0390 2884 dmio - ok

15:36:42.0561 2884 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:36:42.0561 2884 dmload - ok

15:36:42.0608 2884 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:36:42.0608 2884 DMusic - ok

15:36:42.0640 2884 dpti2o - ok

15:36:42.0686 2884 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:36:42.0686 2884 drmkaud - ok

15:36:42.0733 2884 EMSCR (66029e6c4b19223c24d8710eed3aaeab) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys

15:36:42.0733 2884 EMSCR - ok

15:36:42.0765 2884 ESDCR (9f0fa60836e1d1148cc0c1b6e67aa6f7) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys

15:36:42.0765 2884 ESDCR - ok

15:36:42.0796 2884 ESMCR (d9da881be71b74b328471ccf28b5f0a9) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

15:36:42.0796 2884 ESMCR - ok

15:36:42.0827 2884 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:36:42.0843 2884 Fastfat - ok

15:36:42.0874 2884 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

15:36:42.0890 2884 Fdc - ok

15:36:42.0921 2884 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:36:42.0921 2884 Fips - ok

15:36:42.0952 2884 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:36:42.0952 2884 Flpydisk - ok

15:36:43.0030 2884 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:36:43.0030 2884 FltMgr - ok

15:36:43.0218 2884 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:36:43.0218 2884 Fs_Rec - ok

15:36:43.0233 2884 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:36:43.0249 2884 Ftdisk - ok

15:36:43.0296 2884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

15:36:43.0296 2884 GEARAspiWDM - ok

15:36:43.0358 2884 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:36:43.0374 2884 Gpc - ok

15:36:43.0405 2884 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:36:43.0405 2884 HDAudBus - ok

15:36:43.0468 2884 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:36:43.0468 2884 HidUsb - ok

15:36:43.0499 2884 hpn - ok

15:36:43.0577 2884 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:36:43.0577 2884 HTTP - ok

15:36:43.0749 2884 i2omgmt - ok

15:36:43.0780 2884 i2omp - ok

15:36:43.0827 2884 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:36:43.0827 2884 i8042prt - ok

15:36:43.0983 2884 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

15:36:44.0015 2884 ialm - ok

15:36:44.0108 2884 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:36:44.0108 2884 Imapi - ok

15:36:44.0280 2884 ini910u - ok

15:36:44.0640 2884 IntcAzAudAddService (7385944d4f025bd8c498bfd97981e336) C:\WINDOWS\system32\drivers\RtkHDAud.sys

15:36:44.0968 2884 IntcAzAudAddService - ok

15:36:45.0171 2884 IntelIde - ok

15:36:45.0249 2884 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:36:45.0249 2884 intelppm - ok

15:36:45.0296 2884 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:36:45.0296 2884 Ip6Fw - ok

15:36:45.0327 2884 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:36:45.0327 2884 IpFilterDriver - ok

15:36:45.0358 2884 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:36:45.0358 2884 IpInIp - ok

15:36:45.0421 2884 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:36:45.0421 2884 IpNat - ok

15:36:45.0624 2884 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:36:45.0624 2884 IPSec - ok

15:36:45.0718 2884 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:36:45.0718 2884 IRENUM - ok

15:36:45.0765 2884 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:36:45.0765 2884 isapnp - ok

15:36:45.0827 2884 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

15:36:45.0827 2884 Iviaspi - ok

15:36:45.0890 2884 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:36:45.0890 2884 Kbdclass - ok

15:36:45.0936 2884 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:36:45.0936 2884 kbdhid - ok

15:36:45.0983 2884 KLIF (ade4545fe3dd94d2e44678c745477dab) C:\WINDOWS\system32\drivers\klif.sys

15:36:48.0452 2884 KLIF - ok

15:36:48.0686 2884 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:36:48.0702 2884 kmixer - ok

15:36:48.0765 2884 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:36:48.0765 2884 KSecDD - ok

15:36:48.0827 2884 L8042Kbd (3c342af6b920d37fd9155877af2b4b4e) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

15:36:48.0827 2884 L8042Kbd - ok

15:36:48.0858 2884 lbrtfdc - ok

15:36:48.0936 2884 LHidKe (952c825c2a3014d4d1648309c42d8718) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

15:36:48.0936 2884 LHidKe - ok

15:36:48.0999 2884 LHidUsbK (01b150189a1406a67a9489f8c3ee6c23) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys

15:36:48.0999 2884 LHidUsbK - ok

15:36:49.0202 2884 LMouKE (bb9cc32385c3320074009fe4b9b3b3b6) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

15:36:49.0218 2884 LMouKE - ok

15:36:49.0233 2884 MBAMSwissArmy - ok

15:36:49.0265 2884 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

15:36:49.0374 2884 meiudf - ok

15:36:49.0421 2884 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

15:36:49.0421 2884 MHNDRV - ok

15:36:49.0468 2884 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:36:49.0468 2884 mnmdd - ok

15:36:49.0530 2884 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:36:49.0530 2884 Modem - ok

15:36:49.0561 2884 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:36:49.0561 2884 Mouclass - ok

15:36:49.0608 2884 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:36:49.0608 2884 mouhid - ok

15:36:49.0671 2884 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:36:49.0671 2884 MountMgr - ok

15:36:49.0718 2884 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

15:36:49.0718 2884 MpFilter - ok

15:36:49.0827 2884 MpKslc33e629a - ok

15:36:49.0874 2884 MpKslf41c3a3f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03686EA9-E2C8-4DF7-AEDB-E7A9A3CB8F50}\MpKslf41c3a3f.sys

15:36:49.0890 2884 MpKslf41c3a3f - ok

15:36:50.0061 2884 mraid35x - ok

15:36:50.0140 2884 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:36:50.0155 2884 MRxDAV - ok

15:36:50.0233 2884 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:36:50.0249 2884 MRxSmb - ok

15:36:50.0280 2884 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:36:50.0280 2884 Msfs - ok

15:36:50.0343 2884 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:36:50.0343 2884 MSKSSRV - ok

15:36:50.0374 2884 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:36:50.0374 2884 MSPCLOCK - ok

15:36:50.0452 2884 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:36:50.0452 2884 MSPQM - ok

15:36:50.0608 2884 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:36:50.0608 2884 mssmbios - ok

15:36:50.0655 2884 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:36:50.0671 2884 Mup - ok

15:36:50.0733 2884 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:36:50.0733 2884 NDIS - ok

15:36:50.0811 2884 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:36:50.0811 2884 NdisTapi - ok

15:36:50.0858 2884 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:36:50.0858 2884 Ndisuio - ok

15:36:50.0874 2884 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:36:50.0890 2884 NdisWan - ok

15:36:50.0921 2884 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:36:50.0921 2884 NDProxy - ok

15:36:50.0983 2884 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:36:50.0983 2884 NetBIOS - ok

15:36:51.0140 2884 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:36:51.0140 2884 NetBT - ok

15:36:51.0171 2884 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

15:36:51.0171 2884 Netdevio - ok

15:36:51.0374 2884 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

15:36:51.0421 2884 NETw3x32 - ok

15:36:51.0655 2884 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:36:51.0655 2884 NIC1394 - ok

15:36:51.0702 2884 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:36:51.0702 2884 Npfs - ok

15:36:51.0765 2884 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:36:51.0780 2884 Ntfs - ok

15:36:51.0827 2884 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:36:51.0827 2884 Null - ok

15:36:51.0874 2884 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:36:51.0874 2884 NwlnkFlt - ok

15:36:51.0905 2884 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:36:51.0905 2884 NwlnkFwd - ok

15:36:51.0936 2884 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:36:51.0936 2884 ohci1394 - ok

15:36:51.0968 2884 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

15:36:51.0983 2884 Parport - ok

15:36:52.0171 2884 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:36:52.0171 2884 PartMgr - ok

15:36:52.0233 2884 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:36:52.0233 2884 ParVdm - ok

15:36:52.0249 2884 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:36:52.0265 2884 PCI - ok

15:36:52.0280 2884 PCIDump - ok

15:36:52.0296 2884 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:36:52.0296 2884 PCIIde - ok

15:36:52.0358 2884 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

15:36:52.0358 2884 Pcmcia - ok

15:36:52.0374 2884 PDCOMP - ok

15:36:52.0405 2884 PDFRAME - ok

15:36:52.0421 2884 PDRELI - ok

15:36:52.0452 2884 PDRFRAME - ok

15:36:52.0468 2884 perc2 - ok

15:36:52.0483 2884 perc2hib - ok

15:36:52.0530 2884 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

15:36:52.0546 2884 Pfc - ok

15:36:52.0577 2884 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:36:52.0577 2884 PptpMiniport - ok

15:36:52.0608 2884 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:36:52.0624 2884 PSched - ok

15:36:52.0718 2884 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:36:52.0718 2884 Ptilink - ok

15:36:52.0749 2884 PxHelp20 - ok

15:36:52.0765 2884 ql1080 - ok

15:36:52.0796 2884 Ql10wnt - ok

15:36:52.0811 2884 ql12160 - ok

15:36:52.0843 2884 ql1240 - ok

15:36:52.0858 2884 ql1280 - ok

15:36:52.0905 2884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:36:52.0905 2884 RasAcd - ok

15:36:52.0999 2884 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:36:52.0999 2884 Rasl2tp - ok

15:36:53.0171 2884 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:36:53.0171 2884 RasPppoe - ok

15:36:53.0218 2884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:36:53.0218 2884 Raspti - ok

15:36:53.0280 2884 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:36:53.0280 2884 Rdbss - ok

15:36:53.0296 2884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:36:53.0296 2884 RDPCDD - ok

15:36:53.0343 2884 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:36:53.0358 2884 rdpdr - ok

15:36:53.0421 2884 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

15:36:53.0421 2884 RDPWD - ok

15:36:53.0499 2884 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:36:53.0499 2884 redbook - ok

15:36:53.0640 2884 RTLE8023xp (0e74171ee80a8640de564b72dbbb397b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

15:36:53.0640 2884 RTLE8023xp - ok

15:36:53.0780 2884 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys

15:36:53.0827 2884 s24trans - ok

15:36:53.0921 2884 SASKUTIL - ok

15:36:53.0999 2884 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

15:36:53.0999 2884 sdbus - ok

15:36:54.0061 2884 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:36:54.0061 2884 Secdrv - ok

15:36:54.0202 2884 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

15:36:54.0202 2884 Serial - ok

15:36:54.0311 2884 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:36:54.0311 2884 Sfloppy - ok

15:36:54.0343 2884 Simbad - ok

15:36:54.0374 2884 Sparrow - ok

15:36:54.0405 2884 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:36:54.0421 2884 splitter - ok

15:36:54.0452 2884 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:36:54.0452 2884 sr - ok

15:36:54.0546 2884 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:36:54.0546 2884 Srv - ok

15:36:54.0561 2884 SVRPEDRV - ok

15:36:54.0640 2884 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:36:54.0655 2884 swenum - ok

15:36:54.0780 2884 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:36:54.0780 2884 swmidi - ok

15:36:54.0811 2884 symc810 - ok

15:36:54.0843 2884 symc8xx - ok

15:36:54.0858 2884 sym_hi - ok

15:36:54.0874 2884 sym_u3 - ok

15:36:54.0968 2884 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:36:54.0968 2884 SynTP - ok

15:36:55.0077 2884 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:36:55.0077 2884 sysaudio - ok

15:36:55.0155 2884 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys

15:36:55.0155 2884 tapvpn - ok

15:36:55.0218 2884 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

15:36:55.0218 2884 tbiosdrv - ok

15:36:55.0374 2884 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:36:55.0390 2884 Tcpip - ok

15:36:55.0436 2884 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

15:36:55.0436 2884 TcUsb - ok

15:36:55.0515 2884 tdcmdpst (cc1d7bc6a3632c55ee6d8877e9b936f3) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys

15:36:55.0546 2884 tdcmdpst - ok

15:36:55.0608 2884 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:36:55.0608 2884 TDPIPE - ok

15:36:55.0671 2884 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:36:55.0671 2884 TDTCP - ok

15:36:55.0796 2884 tdudf (09aa3cf863793f92276b39e74878c386) C:\WINDOWS\system32\DRIVERS\tdudf.sys

15:36:55.0905 2884 tdudf - ok

15:36:55.0952 2884 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:36:55.0952 2884 TermDD - ok

15:36:55.0999 2884 TosIde - ok

15:36:56.0046 2884 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

15:36:56.0077 2884 tosrfec - ok

15:36:56.0186 2884 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

15:36:56.0202 2884 TVALD - ok

15:36:56.0233 2884 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys

15:36:56.0280 2884 Tvs - ok

15:36:56.0327 2884 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:36:56.0343 2884 Udfs - ok

15:36:56.0358 2884 ultra - ok

15:36:56.0515 2884 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:36:56.0546 2884 Update - ok

15:36:56.0686 2884 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:36:56.0686 2884 usbccgp - ok

15:36:56.0733 2884 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:36:56.0733 2884 usbehci - ok

15:36:56.0796 2884 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:36:56.0811 2884 usbhub - ok

15:36:56.0858 2884 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:36:56.0858 2884 USBSTOR - ok

15:36:56.0936 2884 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:36:56.0936 2884 usbuhci - ok

15:36:56.0968 2884 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:36:56.0968 2884 VgaSave - ok

15:36:56.0999 2884 ViaIde - ok

15:36:57.0030 2884 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:36:57.0030 2884 VolSnap - ok

15:36:57.0077 2884 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:36:57.0077 2884 Wanarp - ok

15:36:57.0218 2884 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

15:36:57.0218 2884 wanatw - ok

15:36:57.0233 2884 WDICA - ok

15:36:57.0296 2884 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:36:57.0311 2884 wdmaud - ok

15:36:57.0436 2884 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:36:57.0436 2884 WudfPf - ok

15:36:57.0530 2884 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0

15:36:57.0686 2884 \Device\Harddisk0\DR0 - ok

15:36:57.0702 2884 Boot (0x1200) (a6592f2a48b0a281db0e2bf06cea5495) \Device\Harddisk0\DR0\Partition0

15:36:57.0702 2884 \Device\Harddisk0\DR0\Partition0 - ok

15:36:57.0702 2884 ============================================================

15:36:57.0702 2884 Scan finished

15:36:57.0702 2884 ============================================================

15:36:57.0733 0688 Detected object count: 0

15:36:57.0733 0688 Actual detected object count: 0
  • 0

#44
maliprog
Posted 22 December 2011 - 12:04 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi papa_A_D,

Except IE History issue, is there any other problem?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#45
papa_A_D
Posted 22 December 2011 - 03:05 PM

papa_A_D

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Other than the net being a little sluggish, that's seems to be it.

papa_A_D
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP