the "fake error report & shut down apps" virus [Solved]


  • This topic is locked

#1
geekatheart

    New Member

  • Member
  • Pip
  • 6 posts
(I would appreciate any help and I thank anyone who is even reading this in advance)

So, I am freaking out and beating myself with a club because I was fooled into clicking on a link
(my friend's hacked profile sent me a "facebook camera" app)
http://tiny.cc/facebook_camera
*here is the link of the app, the download itself does nothing, but I wouldn't joke around with starting the actual programme...again >.<



My cheap-[bleep] antivirus (avast) blocked the downloaded programme, but I could tell that something happened to the system right away, some stalling and glitching... and once it calmed down (5 mins) it displayed an "error report" on google chrome (was online)

of course closed it, started up chrome again, same thing... CPU usage is non-existent, the error shows up immediately... but google chrome was actually functional - unless I click the send/don't send report option, then it just shuts down immediately
at that moment I did not realise the danger so I just kind of ran chrome then put the error report window in a corner and kept on internet-surfing...

Next time I turned on my computer, did I have a surprise: EVERY single application/programme, whatever they're called, is error-reported and IMMEDIATELY stopped (not like before, now chrome is not working for example), again EVERY programme/app like my router manager, my soundtrek audio card or whatever, my "internet connection" built in manager, my everything... can't even open control panel without getting an error (although can access it)
(oddly enough 2 things work: my antivirus and an illegal version of SW:Jedi Academy game - go figure)

Are you an idiot - you may ask... just use the antivirus... BUT antivirus shows NO malware whatsoever at ALL, and it ignores the fact that it blocked the app that gave me the virus too...

so there, thanx for at least hearing my story
Geek-At-Heart

Edited by geekatheart, 14 March 2013 - 12:11 PM.

  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's have a look-see at the system

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
geekatheart

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Wow, that was fast

ok, did it to the letter, here are the txt.'s

thanx for helping :)

OTL logfile created on: 14.3.2013 21:34:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ivan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

503,42 Mb Total Physical Memory | 392,97 Mb Available Physical Memory | 78,06% Memory free
1,20 Gb Paging File | 0,99 Gb Available in Paging File | 82,19% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 15,80 Gb Free Space | 21,20% Space Free | Partition Type: NTFS
Drive G: | 3,65 Gb Total Space | 2,66 Gb Free Space | 72,88% Space Free | Partition Type: FAT32

Computer Name: BLOK-A6B504F92E | User Name: Ivan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.14 20:13:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
PRC - [2013.03.11 21:09:37 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.11.18 02:59:29 | 000,582,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
PRC - [2012.10.23 11:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.07.28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010.02.17 17:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2005.11.11 14:07:40 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.14 09:35:59 | 002,074,112 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13031401\algo.dll
MOD - [2013.03.13 19:48:16 | 002,066,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13031301\algo.dll
MOD - [2012.11.18 02:59:29 | 000,582,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.07.28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010.02.17 17:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2010.02.17 17:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe


========== Services (SafeList) ==========

SRV - [2013.03.11 21:09:37 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.11.18 02:59:29 | 000,582,272 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.10.23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.04.30 19:22:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010.02.17 17:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012.10.23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.02.14 00:34:12 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.06.23 17:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010.03.02 13:52:08 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 13:52:08 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 13:52:08 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 09:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.06.22 15:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2008.12.02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2005.11.22 14:44:22 | 003,804,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2005.11.17 17:20:12 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005.11.17 17:20:02 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005.10.18 16:53:00 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:00 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.18 16:52:00 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005.09.12 10:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005.09.05 21:20:56 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-1580436667-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1078081533-1580436667-1177238915-1003\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1078081533-1580436667-1177238915-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1078081533-1580436667-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


[2012.12.02 15:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\extensions
[2012.12.02 15:41:09 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.199.0_0\npBFHUpdater.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: FaBo = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abfadojjifciggpfkkelnfgdgpggccca\1.2.5_1\
CHR - Extension: YouTube = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Battlefield Heroes = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.199.0_0\
CHR - Extension: Google \u043F\u0440\u0435\u0442\u0440\u0430\u0433\u0430 = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1078081533-1580436667-1177238915-1003\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKU\S-1-5-21-1078081533-1580436667-1177238915-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3518887414 = [binary data]
65 2A 2D D4 1A 0C 83 FB 6C 91 31 C3 D0 6B 7D CB 95 BF 6E 6E 7C 3A 45 0F BD F2 3E 27 40 98 C1 9D 53 63 3A CF 7B 6F C9 D7 4F 79 FE 29 B0 DF 90 9F 65 51 94 56 16 76 1C 30 3A A8 B5 C2 FF 6B C0 0B 92 76 CF C2 00 3B A7 09 69 C4 55 1A 4E A1 0C 37 1E A8 A1 B1 43 01 7D 79 A5 99 5A BF 0C F6 45 8B 6F B4 26 FC 81 81 A4 FF 4A 55 C5 7B 5A 0F CD C9 C3 3C 3E CB 09 44 83 62 2A 3E 8B 14 A2 6B 11 55 C7 08 6D 8B D2 25 FE FE FF 36 4A 28 7E 66 1A FC 13 F7 70 83 69 9E D3 E5 20 E0 3A D5 3A 98 FF BA 6C DA 35 73 E5 C5 10 96 EA F4 75 CE 3E 12 97 62 5C 8C 81 71 F4 45 8C 7B AB 0F ED 53 5E 9A AF 0E A6 15 F4 5E B3 A2 D0 35 28 0A 2F 8A C4 2F 86 46 53 79 A8 0E 82 79 53 AF B7 37 A8 CC C2 9A D3 41 B4 C3 31 08 95 04 6F 99 EC CA 1E B9 19 67 9F 2D 5C E6 F1 FC BE EF F0 83 5B CD DB FE A1 DF 7B BB F0 3A A7 50 B8 C4 64 37 F2 DA 5C E0 79 86 9D F9 75 86 F5 2D D4 2B 4A 29 2E CF 9C 0B 96 AE C7 92 F2 91 65 35 71 37 31 33 FF 3D DD E8 5E CB 6D 4D E2 F3 49 E7 1F 89 3A F2 FA 42 A6 8F E1 9A 5B 02 E5 BE 78 1C 03 53 12 D9 12 90 6E 6F 98 0E AB 54 54 29 72 67 73 75 F5 FA 6A 63 16 4F F6 07 B2 6D 43 5B 90 3D 68 17 98 63 F0 2C 3B E9 CC 56 37 3E 8A 54 C7 B2 34 92 96 C8 5C 3D A7 A4 8B F7 7B D4 B5 A0 77 61 EB 7E D8 80 E9 F4 BF E1 94 99 71 BA 35 BC BD 28 05 F6 1F 57 2C C2 09 E4 BE 34 F6 A7 81 A5 A2 A7 9E 72 8A C6 FC 7E 51 6F F3 42 B3 80 37 63 30 88 4F 64 55 22 75 A7 A3 02 45 46 33 26 67 2F 56 FE 04 F5 60 48 C6 45 01 D6 0F FC 30 9E 99 76 FE F7 93 1C E6 71 EF 69 63 DC 01 5D 56 C3 08 2C 92 30 AE AF 70 72 53 3D DF A1 B1 9D BF E0 01 26 6D 8A 09 DB F2 42 70 25 E9 B5 95 01 F0 60 F7 5D 45 E0 74 87 00 FA 26 B9 2C 52 C8 F7 13 10 DD BB 1D FB 2E 23 D4 70 92 43 FC 4C A1 A5 98 40 DC 07 F4 32 54 8F 00 75 BF AF E9 84 0C 57 54 BE 5C FC CF 97 F4 8E 78 B5 94 93 9E 9A 9D 73 7B 3E 7D BC 36 43 06 BD 30 9F 47 9D EF EB 03 C0 9F CD E7 DB 9A 4F F1 D3 58 65 E6 B4 62 23 1F DF 5F A7 43 1C FE 3A 68 B5 D7 15 2B 02 1E 86 C6 4A 5A 51 BE A3 FF 81 BA 9A A5 27 EC DE 12 33 05 C4 71 B3 F2 B6 D6 88 77 82 C2 20 8A F2 FD 56 55 F9 EE 58 EB C1 26 A0 17 CB C0 0E 25 55 
A1 17 22 B4 53 4C 2E F3 17 E8 11 06 60 2E FA 8E 81 12 72 89 C9 DF 32 21 5F 25 7F 59 4D 4A F9 31 F7 16 F0 78 5D 77 6E 44 B7 1D 86 36 E3 4D 5D B4 DF 15 F1 E3 81 B6 0F 37 60 8F 0A 2C 23 45 52 AE A4 44 B4 EE 28 DD 79 B9 AA C0 BB 62 FE 2A 10 05 54 16 3D E1 04 7B 37 0F DD 77 85 65 D8 83 [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3212083974 = [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 50 4 = Reg Error: Value error. File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1580436667-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1329081801343 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F945CDC1-747C-4255-930B-E768E2F90022}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.11 16:24:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{21cf65f3-558f-11e1-b843-000fb0cbc457}\Shell - "" = AutoRun
O33 - MountPoints2\{21cf65f3-558f-11e1-b843-000fb0cbc457}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21cf65f3-558f-11e1-b843-000fb0cbc457}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.03.14 21:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
[2013.03.11 21:10:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.03.11 21:10:05 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.03.11 21:09:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.03.11 21:09:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.03.11 21:09:53 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.03.11 21:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.08 03:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Desktop\JA Mods
[2013.03.03 03:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Local Settings\Application Data\DOSBox
[2013.03.03 03:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74
[2013.03.03 03:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2013.02.27 15:25:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ivan\Recent
[2013.02.22 01:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2013.02.22 01:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Start Menu\Programs\Codemasters
[2013.02.22 01:27:12 | 000,000,000 | ---D | C] -- C:\Codemasters
[2013.02.19 04:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Start Menu\Programs\Hero Editor
[2013.02.19 04:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hero Editor
[2013.02.17 17:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Start Menu\Programs\Diablo II
[2013.02.17 16:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2013.02.17 16:38:01 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2013.02.17 16:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2008.04.14 13:00:00 | 000,042,496 | -HS- | C] (G Data Software AG) -- C:\Documents and Settings\All Users\dxojdlv.exe
[2008.04.14 13:00:00 | 000,042,496 | -HS- | C] (G Data Software AG) -- C:\Documents and Settings\All Users\dxldxpc.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.14 21:06:01 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-1177238915-1003UA.job
[2013.03.14 20:20:49 | 000,472,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.03.14 20:20:49 | 000,075,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.03.14 20:16:12 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.03.14 20:15:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.14 20:13:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
[2013.03.13 18:17:25 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.03.13 18:17:25 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\Google Chrome.lnk
[2013.03.13 03:06:01 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-1177238915-1003Core.job
[2013.03.12 19:03:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.11 21:09:38 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.03.11 21:09:35 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.03.11 21:09:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.03.11 21:09:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.03.11 21:09:35 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.03.11 21:09:34 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.03.11 21:09:34 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.03.06 08:57:01 | 000,069,426 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\raspored.pdf
[2013.03.03 03:00:48 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2013.03.01 16:05:58 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2013.02.27 18:42:03 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.22 01:58:01 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2013.02.22 01:46:38 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2013.02.22 01:46:38 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2013.02.22 01:46:38 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2013.02.19 04:55:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2013.02.17 17:29:12 | 000,035,486 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2013.02.17 16:38:02 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2013.02.17 16:38:01 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2013.02.15 16:59:41 | 000,549,969 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\menadzment ceo.Pdf
[2013.02.15 15:16:33 | 000,996,029 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\VIP - Oko novca svet se vrti-cutmp3.net.mp3
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.06 08:56:58 | 000,069,426 | ---- | C] () -- C:\Documents and Settings\Ivan\Desktop\raspored.pdf
[2013.03.03 03:00:48 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DOSBox 0.74.lnk
[2013.02.27 18:42:03 | 000,109,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.22 01:58:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2013.02.17 17:06:14 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2013.02.17 17:06:14 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2013.02.17 17:06:14 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2013.02.17 16:38:05 | 000,035,486 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2013.02.17 16:38:02 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2013.02.15 16:59:39 | 000,549,969 | ---- | C] () -- C:\Documents and Settings\Ivan\Desktop\menadzment ceo.Pdf
[2013.02.15 15:16:33 | 000,996,029 | ---- | C] () -- C:\Documents and Settings\Ivan\Desktop\VIP - Oko novca svet se vrti-cutmp3.net.mp3
[2012.11.18 03:10:45 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.10.11 18:27:48 | 000,001,455 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012.08.20 17:53:29 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012.08.20 17:53:28 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\PnkBstrK.sys
[2012.08.20 17:53:03 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012.08.20 17:52:56 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012.04.23 16:00:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2012.04.23 16:00:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2012.04.17 16:01:18 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012.03.07 04:05:16 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2012.03.07 00:34:31 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2012.03.03 02:26:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.02.14 22:31:48 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Ivan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.14 02:32:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012.02.13 21:24:17 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2012.02.13 21:08:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.02.13 21:08:20 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2012.02.13 21:07:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012.02.13 21:07:01 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012.02.13 00:55:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.11 16:27:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.02.11 16:20:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.02.11 06:58:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2012.04.17 15:58:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 21:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008.04.14 13:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008.04.14 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008.04.14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008.04.14 13:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008.04.14 13:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009.04.20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008.04.14 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009.07.28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008.04.14 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008.04.14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008.04.14 13:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008.04.14 13:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008.04.14 13:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008.04.14 13:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008.04.14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008.06.20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008.04.14 13:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008.04.14 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009.02.09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008.04.14 13:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008.04.14 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008.04.14 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010.08.27 06:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009.07.28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008.04.14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008.04.14 13:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008.04.14 13:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008.04.14 13:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008.04.14 13:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009.07.28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008.04.14 13:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008.04.14 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008.04.14 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.04.14 13:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008.04.14 13:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008.04.14 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009.02.09 13:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008.04.14 13:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008.04.14 13:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009.06.10 07:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2008.04.14 13:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009.02.06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2012.11.10 03:56:46 | 000,001,602 | ---- | M] () MD5=6C0342D46FE03237428C83E1F1CD4990 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008.04.14 13:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2008.04.14 13:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008.04.14 13:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >


  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, something new... I am not sure if the first run will work due to the amount of data... But let's try it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2012.11.18 02:59:29 | 000,582,272 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3518887414 = [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3212083974 =
BA 02 8C D7 DB 0F 0D BB 90 56 B8 53 54 D7 81 1B 20 0C 23 3B 32 D6 40 9F AA B4 9D 8F 1C 89 A1 2A 2C C4 F8 6C 7D FB BB D6 AD 9B 18 65 46 14 11 A4 41 67 CD 12 D9 09 2B B5 30 6F 72 4D 89 47 7A 0C 3D F8 E0 EC BC 0C 68 59 B0 05 88 4B 0D CE 10 9B 5D F8 BA DE 08 9B F8 A5 1A 9C 67 7D 59 B6 8D FE ED C9 33 CC EF 11 5E 2A 16 E5 75 42 7F D4 81 AA 50 B0 58 64 0F E2 CE 81 A4 7D 2D 80 66 CB 22 09 24 E6 8B 12 99 3D F8 38 07 4B E1 6D AB EA 63 53 CB 20 89 57 B9 AA 6F 45 BC CF D4 4E D0 42 3F C5 01 00 83 EF 80 39 BC 76 21 58 2D 45 D5 8F 04 B1 2E 8A BC 34 95 01 AA D5 6A A1 01 D3 11 CB 9E 34 7D 9C E5 C0 5D 36 58 7B 27 42 80 E1 84 8F C4 54 9E 91 19 76 E3 13 F1 F8 17 78 4F D1 A3 52 28 2B 70 E2 32 31 76 86 1A F1 7A 36 38 57 69 9C C0 1B E4 06 E3 70 F7 B3 8D 14 66 CB 1A B1 07 BB 3B CB F3 AA 6A EF CF D8 5B 0D 82 9A 72 5C 72 73 28 88 D7 F2 18 F7 49 11 ED 2C C1 77 F5 91 91 2C 26 60 18 38 B0 3F BC EF 50 FD 84 B4 27 06 A6 0E 88 45 81 A2 8B 0A 35 33 D4 F1 BF 12 E2 BB E4 91 0A E8 34 72 BC 91 50 B6 A1 38 20 6D B3 AE 0C BE B6 A6 1E 9A 41 52 CF CA C3 DE 9C A0 42 B8 B3 A8 69 24 9A 89 FD 67 EF 2C E1 06 CE 6F 93 4B 22 44 B9 B3 25 A4 B6 AE BA 22 46 EC A9 52 DF 55 72 F0 19 84 33 F8 63 CF 2B D6 D1 E6 3B 9D 4E 36 F5 EF 3B 19 27 7C 3D 65 BA BE 63 F9 51 D3 DF 20 0B 7D BD 0F 28 4A C5 96 2D 43 CE AB A6 9B DF C4 03 86 70 8A 58 51 12 C9 05 F5 06 BC 04 79 CB 67 F6 14 41 3A 02 F6 7E 92 81 65 51 F0 56 D3 66 BC 5F 45 3C AF 6F 44 BF D3 31 9F 40 39 48 C4 D2 26 46 EC C7 40 D1 E3 85 34 EB 35 62 64 4C 26 37 07 47 96 AD AF A6 F6 38 3B E4 92 23 BA 2E 95 12 20 5F 7A 22 28 11 6E 6F 4C 1C 80 E2 77 38 FB AB 3B F4 3C 3E 06 02 CA BB 70 CC D9 97 A2 D0 2B 70 AB 82 E8 22 1D 49 A4 DA BE CA 60 5F 4D AD A1 B6 8D 02 B3 32 29 58 7C 7C DB 97 36 07 9E 32 71 E2 BE 76 58 30 16 7E 2E C5 98 3F B3 08 AE E7 7D 88 8B CA 46 71 5A BF 19 9F 04 F2 9E BC 09 F0 BE F1 7C 09 EA E0 17 10 4C 5F E3 C5 DE 26 1B 78 E0 CA 1E 91 83 C7 96 98 0C E2 74 23 35 09 A2 B0 11 60 38 86 F3 EF 91 01 F1 56 6B 77 9A 12 FA E7 98 C1 1E B8 08 BE A9 15 DF C9 C0 8E B4 49 70 75 77 
9F 38 86 FA 93 0D BA 81 7C 5D AF 4B FE 1A D8 15 39 E8 D4 F5 93 7C EA E6 A2 C9 DF CC 37 81 49 01 A4 95 5E 3A CC 50 01 B5 43 F3 AC 62 20 14 6D 6E 79 E2 9F 60 10 C7 EC 2B 04 66 67 32 2B BC 8B 6B CB E7 C0 0A CC 8E 65 63 A5 D4 73 5C DB 9B AF 68 54 75 A5 D3 54 24 81 67 88 5C 3F 6A EF BF 95 18 4D B8 33 B3 32 93 E0 AB A1 AD 02 EC 23 2D 47 6F E1 DA A4 29 00 71 8C 04 D7 18 2B A2 A3 E7 79 BB 52 18 62 38 D2 0B 10 CE 9F C5 01 FF 1F F3 C3 17 87 6A C8 4D 51 74 D3 C6 25 3E 49 5E E9 7C BB 9F B4 1F 26 25 24 F9 5C C1 26 7F 3B F9 EB 00 33 C7 85 3E 0F 1B 64 E5 0B 7C DD 2A 9D 74 32 A5 09 6C 2F 01 45 E0 F1 06 11 F3 E5 05 D2 9A 45 7A D0 93 20 72 20 82 9E 2B CF A2 41 19 C2 9F FF E1 DC 7C 16 80 59 2A DE E8 EA 06 60 5D 90 C9 53 29 09 52 59 9F 80 48 3E 3A 85 40 F3 A2 F3 7C 7C 8F CB A1 71 2E 9F 5D 09 70 BF 4B 38 E7 E4 0D FC BC 97 07 35 C5 25 31 8C B1 60 09 90 68 C5 18 D9 02 2F BD D5 DC CD 8E 62 37 35 B9 AF A3 7F 8C 19 26 B8 7D D6 BE B9 B9 64 4B 62 D9 7E 19 63 27 6A 67 A3 DE 28 D7 71 69 14 89 31 73 A0 67 47 DF 96 71 42 13 16 0E 7E DA C7 9E 43 08 81 E8 94 6A 9B B4 7B D2 88 BE CB 9B DC 5B 74 6F 0A FA F3 D4 C0 E8 C5 05 51 59 0D 28 2A C2 16 17 6F 56 F4 4B A8 F2 06 28 62 E6 E8 04 94 59 7C A6 4A 60 2F A9 96 10 43 84 87 68 7A FC 6A 0F B8 66 ED 2C 9F 0F 38 14 BC D6 3E 7D 2F 78 E6 8F 02 C4 54 13 80 12 E3 42 86 1C 78 2A 6F 88 4E FD 5B 31 7C 8B CE C5 61 67 A4 CE D8 0B 0B 1C 14 57 22 5D 8D 40 4C 08 23 87 BB 99 C6 0E 1A 18 AA 5D 63 84 0B 0A 9D FF F4 87 20 26 3A 9C F5 52 9E E1 DA CB 35 B0 0E 66 43 C5 34 99 7B D8 4F 0F 32 E8 F5 CF 1A 0E 22 3B 95 85 57 9B 61 3E EF E4 37 CB D2 C7 3F 5A 39 03 6D FE D4 C5 9E 5C E9 B0 91 87 26 3F BE E3 79 ED 43 2D 15 BA DA D2 C8 A2 18 CF 31 45 A5 99 F6 82 E7 D8 BC 1D FC 56 4C 39 17 1B 3B 85 4A 89 24 9C 61 8D 63 51 E0 BF 58 E6 6E E1 2C CF 78 47 E5 13 DC BD 92 33 CA 33 3C 54 FC 69 97 0D 7C DA 32 81 88 9C 46 27 C2 C9 DE D2 10 43 9F 8A 21 EF F8 0A 54 39 37 CD F6 76 33 47 14 55 46 FF F9 42 0A 68 39 A0 BA C0 5E CC 3C F2 8C E3 61 DF 23 AC A4 6B E5 38 85 7A 07 FF 12 67 68 86 AE D7 C5 C1 
6A DB A4 C9 E3 02 21 73 35 73 55 FE BF 5B A4 53 A1 67 8A DC 17 71 E8 25 09 61 73 C2 4C 50 6D 2C 78 B8 B9 D0 96 64 E6 A9 69 17 54 AC 5F 05 FE 6D C7 92 40 6F E5 3E 8F 4C E6 C6 56 20 F6 67 8A DD 5C DD 8F 15 26 0B 2C D6 AF 99 65 38 65 85 9E BC 17 08 A7 E6 A2 E1 13 6C 5A 3D 90 76 41 81 AE C9 D6 D7 03 3E 73 94 D9 D6 D4 0D 0F DD 4C 8A 88 76 23 3B F5 60 96 27 A0 6C 1F C1 7A 7B 7D 69 39 BF A9 B0 A7 9B 73 0C 3B CF 4C 20 F8 3F B4 E5 73 E1 BC 5D 32 C6 32 32 F9 0C 08 8F 10 1C 7C A9 4B CA 69 B0 36 7B 92 49 ED 5F A4 8B 9E 21 95 39 95 CC D1 B0 59 2D 85 17 CE 5F 2D 6C AB 48 E7 2C 9D F2 BC F1 F5 59 42 60 01 96 71 5D E4 7E 7A D0 F3 DC BF F9 68 D0 31 4C 66 E9 0A 63 1E B4 63 08 E0 A3 0E AB 71 47 BB 9A 37 57 00 C3 64 6E 67 86 2E E5 C1 FC F0 3F 02 52 E0 7A 0B F2 BD 20 17 A9 49 D6 BD 02 33 FD 9A AA 2D EA 09 71 9A B3 88 BB 9C DC AC 09 15 7A 63 5B 6A 18 28 EB B3 A0 22 B6 3B 2B DD 75 A4 51 6B B8 74 F9 D6 1F D2 5B 1B 97 C8 C2 0B 71 44 FF 88 59 3D 25 CA 28 62 FA C9 25 BE A8 86 9F 1B EA 6A 2C 6B 2F D3 E8 10 A4 4F 8F 78 87 5E 74 23 25 A5 16 F8 BC 21 2D F0 B4 C9 42 04 4E EE 6D C7 44 12 96 71 3B E7 3F 7A 73 0C D6 0A 3F 45 45 D5 05 0E 3D B5 2B 51 C4 80 6C 2C 3F D7 7E C7 3A 5D E9 92 40 F3 6D F1 63 3E 7F B3 52 0A 64 FD AD 15 7D 73 72 1C CF 28 24 AD 4C 79 7C 91 14 1D 78 13 F0 43 3D F8 D8 44 07 D2 B4 80 7A AE A3 71 09 3B BA AC 8C B1 68 34 A3 CB BC 76 E8 C3 23 DA ED CB A3 35 50 73 38 6F B5 E9 9F 0B F2 40 4E E1 14 FD 47 63 98 17 6D 8B 5E E1 96 DA C5 0F FA 41 0F 8C E3 5D A4 59 B0 00 DD 47 81 F3 04 7D A7 74 44 05 A5 FA 87 72 58 AF B5 56 C0 4B D7 C6 DE E3 42 43 4D F4 86 84 B0 62 BB 74 A7 1F 5F 70 80 9C 88 18 CE 52 2F 47 93 20 FD A1 E4 79 E5 D2 3F E4 E8 5A 81 2B 56 14 6B 98 BA F0 C4 4A D6 D3 45 2C 45 A8 F1 6D AF 7D BF 4B 80 4A 59 AB E6 AF ED 1B BF 65 FA 18 C9 0F 91 EA [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 50 4 = Reg Error: Value error. File not found
[2008.04.14 13:00:00 | 000,042,496 | -HS- | C] (G Data Software AG) -- C:\Documents and Settings\All Users\dxojdlv.exe
[2008.04.14 13:00:00 | 000,042,496 | -HS- | C] (G Data Software AG) -- C:\Documents and Settings\All Users\dxldxpc.exe
[2013.03.01 16:05:58 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe

:Files
C:\Documents and Settings\All Users\Application Data\IBUpdaterService

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
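As an added example (not part of the thread and not OTL's own code), the file entries in the fix script above can be triaged with a short parser. The field meanings (R/H/S/D attribute flags, C = created, M = modified) and the `PROFILE_ROOTS` set are assumptions; the sample lines are copied from the post.

```python
import re
from ntpath import dirname  # parses Windows paths on any OS

# File entries copied from the fix script in the post above.
SAMPLE = r"""
[2008.04.14 13:00:00 | 000,042,496 | -HS- | C] (G Data Software AG) -- C:\Documents and Settings\All Users\dxojdlv.exe
[2008.04.14 13:00:00 | 000,042,496 | -HS- | C] (G Data Software AG) -- C:\Documents and Settings\All Users\dxldxpc.exe
[2013.03.01 16:05:58 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
"""

# Assumed layout: [timestamp | size | R/H/S/D flags | C(reated)/M(odified)] (vendor) -- path
LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$"
)

# Assumption: folders where a loose executable is unexpected on this XP machine.
PROFILE_ROOTS = {r"c:\documents and settings\all users"}


def parse(text):
    """Return one dict per well-formed file entry; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entries.append(entry)
    return entries


def review_reasons(entry):
    """Heuristics only: reasons an entry deserves a closer look."""
    reasons = []
    path = entry["path"].lower()
    if "H" in entry["attrs"] and "S" in entry["attrs"] and path.endswith(".exe"):
        reasons.append("hidden+system executable")
    if dirname(path) in PROFILE_ROOTS:
        reasons.append("sits directly in a profile root")
    return reasons


def twins(entries):
    """Paths sharing timestamp, size and vendor string: likely one file under several names."""
    groups = {}
    for e in entries:
        groups.setdefault((e["date"], e["size"], e["vendor"]), []).append(e["path"])
    return [paths for paths in groups.values() if len(paths) > 1]


if __name__ == "__main__":
    entries = parse(SAMPLE)
    for e in entries:
        print(e["path"], "->", review_reasons(e) or "no heuristic hit")
    print("same timestamp/size/vendor:", twins(entries))
```

The two `dx*.exe` entries are flagged and grouped as twins, while `Setup1.exe` passes both heuristics even though the helper listed it for removal, so checks like these narrow a log but do not replace a manual review.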

#5
geekatheart
Yesssssss! :thumbsup:

Well it seems that all my problems are gone, the error report is no more, and it has loosened its grip on my internet connection :D

there's the report, just in case

so thanks a mill on the assistance, i hope i didn't go wrong about posting and info... if the report is ok, i shouldn't be bothering you any further...

Attached Files

  • Attached File  OTL.Txt   61.87KB   54 downloads

Edited by geekatheart, 15 March 2013 - 09:05 AM.

#6
Essexboy
OK, let's check for orphans :)

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------

#7
geekatheart
pretty neat anti-malware :) , how the fudge did it catch stuff that avast! didn't :confused:

the scan - is it ok?

#8
Essexboy
I myself use MBAM to supplement Avast (or any other AV, for that matter), as it has a different data set and looks for malware as opposed to viruses.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#9
geekatheart
good tips, will give those programs a try....

just one thing, i inserted these commands

:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]


and the OTL just kind of sits there, left it all night long didn't turn off, had to pull out the battery (i know i'm impatient)
sooo, should i just hit the cleanup button on OTL and forget about it? :happy:

#10
Essexboy
OK MBAM on your system is getting uppity about being stopped .. It sometimes happens

Remove this command from OTL and it will complete

[emptytemp]

#11
geekatheart
oh yeah its all good now :whistling:

that went quite well, i was 60% certain i would screw something up :happy:

thanx for the assistance, and the tips :thumbsup:


Edited by geekatheart, 16 March 2013 - 12:59 PM.

#12
Essexboy
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.