Favorite Set as home Contact Us
Google
Home | More Virus Remove Process...
Free antivirus software,Free antivirus,Trojan Removal Instructions,Spyware remove Instructions
      How to remove PCDefender
How to remove PCDefender
Author:PCDefender Hits: UpdateTime:2010-2-20 9:03:28

How to remove PCDefender

PCDefender remover

PCDefender removal process


For remove PCDefender virus,please clean/delete all PCDefender infected files and Delete/Modify any values PCDefender added to the registry as following:
Behavior
The program may be manually downloaded and installed from the following location:
http://thexxxclick.info/32.html#

The program reports false or exaggerated system security threats on the computer.





Fake Detection Names
The program may falsely report detections of the following threats:





The user is then prompted to pay for a full license of the application in order to remove the threats.





Installation
When the program is executed, it creates the following folders:

  • C:\Documents and Settings\All Users\Start Menu\Programs\PC Defender
  • C:\Program Files\Def Group
  • C:\Program Files\Def Group\PC Defender
  • C:\WINDOWS\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}


It also creates the following files:
  • C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_a98.dat
  • C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1237843074jtun_allbb0317.x00.full.zip
  • C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1255449998jtun_allccmsl0819.x00.full.zip
  • C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1265852195jtun_scd2.zip.full.zip
  • C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1266010716jtun_nav8enidfull25.x86.seg1.zip
  • C:\Documents and Settings\All Users\Desktop\PC Defender.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\PC Defender\PC Defender.lnk
  • C:\INF\clean.hiv
  • C:\Program Files\Def Group\PC Defender\Antispyware.exe
  • C:\Program Files\Def Group\PC Defender\hook.dll
  • C:\Program Files\Def Group\PC Defender\proccheck.exe
  • C:\WINDOWS\Installer\14d256.msi
  • C:\WINDOWS\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_96222EB958BE7AE1F3D10F.exe
  • C:\WINDOWS\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_E99A03E2B966DDBBBF0A73.exe
  • C:\WINDOWS\Prefetch\922EE651620485838F50FE09DF119-1680527D.pf
  • C:\WINDOWS\Prefetch\ANTISPYWARE.EXE-19ABB532.pf
  • C:\WINDOWS\Prefetch\PROCCHECK.EXE-03906D86.pf
  • C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf


Next, the program modifies the following files:
  • C:\Documents and Settings\Administrator\Cookies\index.dat
  • C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\Administrator\ntuser.dat.LOG
  • C:\INF\rgst152.dat
  • C:\WINDOWS\Debug\UserMode\userenv.log
  • C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
  • C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
  • C:\WINDOWS\Prefetch\PERL.EXE-08A6F3BE.pf
  • C:\WINDOWS\Prefetch\REGSHOT.EXE-2A173C98.pf
  • C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
  • C:\WINDOWS\system32\config\default
  • C:\WINDOWS\system32\config\default.LOG
  • C:\WINDOWS\system32\config\Software
  • C:\WINDOWS\system32\config\software.LOG
  • C:\WINDOWS\system32\config\system.LOG
  • C:\WINDOWS\system32\wbem\Logs\wbemess.log
  • C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
  • C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
  • C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
  • C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP


The program may then delete the following folder:
C:\Config.Msi

It may also delete the following files:
  • C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_a2c.dat
  • C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1237843074jtun_allbb0317.x00.seg1.zip


Next, the program modifies the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "C:\WINDOWS\system32\userinit.exe,"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Def Group\PC Defender\Antispyware.exe""


The program then creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Def Group\PC Defender\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Def Group\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Documents and Settings\All Users\Start Menu\Programs\PC Defender\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\WINDOWS\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\"" = ""
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" "0x00002001"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Def Group\PC Defender\"proccheck.exe" = "proccheck"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\VAS\"922RR651620485838S50SR09QS119674.rkr" = "1B 00 00 00 06 00 00 00 10 8D 5A 77 91 B0 CA 01"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\"Mode" = "4"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\"ScrollPos1280x1024(1).x" = "0"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\"ScrollPos1280x1024(1).y" = "0"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\"Sort" = "0"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\"SortDir" = "1"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\"Col" = "0xFFFFFFFF"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\"ColInfo" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 28 00 3C 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 00 01 60 00 78 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\INF\"922EE651620485838F50FE09DF119674.exe" = "922EE651620485838F50FE09DF119674"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\"REG.exe" = "Registry Console Tool"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Def Group\PC Defender\"Antispyware.exe" = "PC Defender application main executable"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" = "0x00002001"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Def Group\PC Defender\"proccheck.exe" = "proccheck"


It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E8CBA2CF517323A48B5B5539084F2528
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C7636129D6C606AC34B4F77B98D933A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48F1979EDA9389E44C3097C667211849
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA7C3518924A9561AB587A3AED215D82
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8CBA2CF517323A48B5B5539084F2528
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E8CBA2CF517323A48B5B5539084F2528
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC2ABC8E-3715-4A32-B8B5-559380F45282}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSISERVER\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSISERVER\0000\Control
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo
  • HKEY_USERS\.DEFAULT\Software\Def Group
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\00000000000003e7
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows Script
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo
  • HKEY_USERS\S-1-5-18\Software\Def Group


Next, the program modifies the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\"Seed" = "53 E0 FB 62 45 48 79 84 CC 78 9F 8B C1 35 98 0A 23 FE 57 2B 3C 87 ED 65 5A 15 54 46 66 B5 33 66 37 19 AC 42 E8 49 F1 98 6F 69 83 00 28 0E 6E B5 35 EE 4F 8E 1E 1D E9 CF 52 65 22 90 CB 8A 3C AD 5B 5B 5B 8B 52 6B 84 87 1F E6 92 7E B5 DD 37 13"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\"Seed" = "0A 56 8A 09 B1 8B 9F 55 8D D2 1C 7B 14 F7 E5 77 D6 00 EF DB 11 3A AC C1 1A 9C 75 A1 48 57 38 D6 7C B3 67 44 EE 87 ED 60 E3 62 6C 13 6D 02 80 7A 41 4F E1 EA 71 FC 78 D5 6D 4F 15 59 6D D3 59 5A AC 20 E6 40 04 F7 33 D3 87 B5 0D 94 D7 4F D4 41"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\"Directory" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\"Directory" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\"CachePath" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\"CachePath" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM\"Start" = "0xE853C38D"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM\"Start" = "0x389F0129"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD\CLTNetConnect\LastAction: 0x4A55E325"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD\CLTNetConnect\LastAction: 0x4B7D2A9F"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent\"" = "10"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent\"" = "11"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent\"" = "10"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent\"" = "11"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\"NextId" = "0x00002001"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\"NextId" = "0x00002002"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cookies" = "C:\Documents and Settings\LocalService\Cookies"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cookies" = "C:\Documents and Settings\Administrator\Cookies"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Local AppData" = "C:\Documents and Settings\LocalService\Local Settings\Application Data"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Local AppData" = "C:\Documents and Settings\Administrator\Local Settings\Application Data"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cache" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cache" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"History" = "C:\Documents and Settings\LocalService\Local Settings\History"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"History" = "C:\Documents and Settings\Administrator\Local Settings\History"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Far\SavedHistory\"Lines" = "73 6D 73 2E 70 6C 20 2D 66 20 44 39 32 32 36 31 31 38 36 37 44 37 38 44 33 44 46 32 41 46 38 36 37 32 33 43 36 39 37 33 31 35 00 73 6D 73 2E 70 6C 20 2D 66 20 66 66 66 66 31 35 61 38 5F 62 31 36 36 62 36 61 64 2E 45 58 45 00 73 6D 73 2E 70 6C 20 2D 66 20 30 35 32 31 35 33 45 36 39 45 46 38 30 39 34 41 37 43 41 30 33 30 32 38 42 31 36 36 42 36 41 44 00 37 7A 20 78 20 73 6D 73 53 63 72 69 70 74 2D 2D 33 39 35 33 32 2D 31 32 31 34 34 36 32 39 34 38 2E 7A 69 70 00 72 67 73 74 31 35 32 2E 64 61 74 00 77 69 6E 64 69 66 66 20 41 64 77 61 72 65 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 2E 78 6D 6C 20 20 44 69 61 6C 65 72 2E 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 6E 2E 78 6D 6C 00 77 69 6E 64 69 66 66 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 2E 78 6D 6C 20 20 44 69 61 6C 65 72 2E 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 6E 2E 78 6D 6C 00 63 6F 70 79 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 2E 78 6D 6C 20 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 75 70 64 61 74 65 64 2E 78 6D 6C 00 65 63 6C 2E 70 6C 20 44 69 61 6C 65 72 2E 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 6E 2E 78 6D 6C 20 20 3E 63 6C 73 69 64 2E 74 78 74 00 67 63 68 2E 70 6C 20 2D 66 20 63 6C 73 69 64 2E 74 78 74 00 53 75 70 65 72 42 61 62 65 73 2E 6C 6E 6B 00 72 65 67 76 69 65 77 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 75 70 64 61 74 65 64 2E 78 6D 6C 00 79 00 37 7A 20 78 20 2A 00 60 00 77 68 69 74 65 66 69 6C 74 65 72 2E 70 6C 00 47 6F 6F 67 6C 65 43 61 74 63 68 2E 63 6C 73 49 45 53 70 79 00 37 7A 20 78 20 57 69 6E 58 53 65 63 75 72 69 74 79 43 65 6E 74 65 72 2E 72 61 72 00 66 69 6E 64 70 65 2E 70 6C 00 63 64 20 70 73 00 63 6F 70 79 20 22 57 69 6E 58 20 53 65 63 75 72 69 74 79 20 43 65 6E 74 65 72 2E 65 78 65 22 20 20 61 2E 65 78 65 00 63 6F 70 79 20 49 6E 73 74 61 6C 6C 2E 65 78 65 20 20 6E 64 00 66 20 49 6E 73 74 61 6C 6C 2E 65 78 65 00 66 20 30 33 45 41 37 39 38 34 46 36 46 43 35 30 35 31 44 43 45 33 37 42 35 39 30 31 34 34 41 41 45 46 2E 73 61 6D 70 6C 65 00 66 20 52 65 73 74 61 72 74 2E 65 78 65 00 66 20 72 65 64 69 72 2E 64 6C 6C 00 68 69 65 77 33 32 20 22 43 3A 5C 53 70 79 77 61 72 65 5C 49 4E 42 4F 58 5C 4A 55 4E 5F 32 36 5C 6E 64 5C 30 33 65 61 37 39 38 34 66 36 66 63 35 30 35 31 64 63 65 33 37 62 35 39 30 31 34 34 61 61 65 66 5C 57 69 6E 58 20 53 65 63 75 72 69 74 79 20 43 65 6E 74 65 72 2E 65 78 65 22 20 2F 6F 63 3D 6F 65 70 00 5C 00 65 64 69 74 3A 67 63 72 63 30 61 2E 73 72 63 00 37 7A 20 65 20 63 6C 65 61 6E 2E 72 61 72 00 74 72 6F 6A 64 65 66 20 72 65 64 69 72 2E 64 6C 6C 00 74 72 6F 6A 64 65 66 20 75 6E 70 6B 30 30 30 30 2E 75 6E 70 00 73 66 20 75 6E 70 6B 30 30 30 30 2E 75 6E 70 00 74 72 6F 6A 64 65 66 20 52 65 73 74 61 72 74 2E 65 78 65 00 73 70 79 71 72 2E 70 6C 20 3E 72 65 70 6F 72 74 2E 63 73 76 00 73 20 2D 73 6D 73 00 73 65 6E 64 32 73 6D 73 00 64 65 6C 20 63 3A 5C 74 65 6D 70 5C 73 61 72 63 69 33 32 2E 65 78 65 00 73 61 72 63 00 66 00 73 69 76 20 61 64 00 70 72 6F 63 65 78 70 00 74 6F 6F 6C 73 75 70 64 74 2E 62 61 74 00 6D 79 70 65 69 64 00 63 6C 73 00 66 69 6C 74 65 72 2E 70 6C 20 2D 73 20 31 00 00
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Far\SavedHistory\"Lines" = "73 6D 73 2E 70 6C 20 2D 66 20 44 39 32 32 36 31 31 38 36 37 44 37 38 44 33 44 46 32 41 46 38 36 37 32 33 43 36 39 37 33 31 35 00 73 6D 73 2E 70 6C 20 2D 66 20 66 66 66 66 31 35 61 38 5F 62 31 36 36 62 36 61 64 2E 45 58 45 00 73 6D 73 2E 70 6C 20 2D 66 20 30 35 32 31 35 33 45 36 39 45 46 38 30 39 34 41 37 43 41 30 33 30 32 38 42 31 36 36 42 36 41 44 00 37 7A 20 78 20 73 6D 73 53 63 72 69 70 74 2D 2D 33 39 35 33 32 2D 31 32 31 34 34 36 32 39 34 38 2E 7A 69 70 00 72 67 73 74 31 35 32 2E 64 61 74 00 77 69 6E 64 69 66 66 20 41 64 77 61 72 65 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 2E 78 6D 6C 20 20 44 69 61 6C 65 72 2E 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 6E 2E 78 6D 6C 00 77 69 6E 64 69 66 66 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 2E 78 6D 6C 20 20 44 69 61 6C 65 72 2E 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 6E 2E 78 6D 6C 00 63 6F 70 79 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 2E 78 6D 6C 20 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 75 70 64 61 74 65 64 2E 78 6D 6C 00 65 63 6C 2E 70 6C 20 44 69 61 6C 65 72 2E 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 6E 2E 78 6D 6C 20 20 3E 63 6C 73 69 64 2E 74 78 74 00 67 63 68 2E 70 6C 20 2D 66 20 63 6C 73 69 64 2E 74 78 74 00 53 75 70 65 72 42 61 62 65 73 2E 6C 6E 6B 00 72 65 67 76 69 65 77 20 44 69 61 6C 65 72 5F 49 6E 73 74 61 6E 74 41 63 63 65 73 73 5F 75 70 64 61 74 65 64 2E 78 6D 6C 00 79 00 37 7A 20 78 20 2A 00 60 00 77 68 69 74 65 66 69 6C 74 65 72 2E 70 6C 00 47 6F 6F 67 6C 65 43 61 74 63 68 2E 63 6C 73 49 45 53 70 79 00 37 7A 20 78 20 57 69 6E 58 53 65 63 75 72 69 74 79 43 65 6E 74 65 72 2E 72 61 72 00 66 69 6E 64 70 65 2E 70 6C 00 63 64 20 70 73 00 63 6F 70 79 20 22 57 69 6E 58 20 53 65 63 75 72 69 74 79 20 43 65 6E 74 65 72 2E 65 78 65 22 20 20 61 2E 65 78 65 00 63 6F 70 79 20 49 6E 73 74 61 6C 6C 2E 65 78 65 20 20 6E 64 00 66 20 49 6E 73 74 61 6C 6C 2E 65 78 65 00 66 20 30 33 45 41 37 39 38 34 46 36 46 43 35 30 35 31 44 43 45 33 37 42 35 39 30 31 34 34 41 41 45 46 2E 73 61 6D 70 6C 65 00 66 20 52 65 73 74 61 72 74 2E 65 78 65 00 66 20 72 65 64 69 72 2E 64 6C 6C 00 68 69 65 77 33 32 20 22 43 3A 5C 53 70 79 77 61 72 65 5C 49 4E 42 4F 58 5C 4A 55 4E 5F 32 36 5C 6E 64 5C 30 33 65 61 37 39 38 34 66 36 66 63 35 30 35 31 64 63 65 33 37 62 35 39 30 31 34 34 61 61 65 66 5C 57 69 6E 58 20 53 65 63 75 72 69 74 79 20 43 65 6E 74 65 72 2E 65 78 65 22 20 2F 6F 63 3D 6F 65 70 00 5C 00 65 64 69 74 3A 67 63 72 63 30 61 2E 73 72 63 00 37 7A 20 65 20 63 6C 65 61 6E 2E 72 61 72 00 74 72 6F 6A 64 65 66 20 72 65 64 69 72 2E 64 6C 6C 00 74 72 6F 6A 64 65 66 20 75 6E 70 6B 30 30 30 30 2E 75 6E 70 00 73 66 20 75 6E 70 6B 30 30 30 30 2E 75 6E 70 00 74 72 6F 6A 64 65 66 20 52 65 73 74 61 72 74 2E 65 78 65 00 73 70 79 71 72 2E 70 6C 20 3E 72 65 70 6F 72 74 2E 63 73 76 00 73 20 2D 73 6D 73 00 73 65 6E 64 32 73 6D 73 00 64 65 6C 20 63 3A 5C 74 65 6D 70 5C 73 61 72 63 69 33 32 2E 65 78 65 00 73 61 72 63 00 66 00 73 69 76 20 61 64 00 70 72 6F 63 65 78 70 00 74 6F 6F 6C 73 75 70 64 74 2E 62 61 74 00 6D 79 70 65 69 64 00 63 6C 73 00 66 69 6C 74 65 72 2E 70 6C 20 2D 73 20 31 00 66 69 6C 74 65 72 2E 70 6C 20 2D 73 20 32 00 00
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Far\SavedHistory\"Position" = "2E"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Far\SavedHistory\"Position" "2F"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\"HRZR_EHACNGU" = "1A 00 00 00 A6 01 00 00 90 50 33 F9 94 00 CA 01"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\"HRZR_EHACNGU" = "1B 00 00 00 A7 01 00 00 10 8D 5A 77 91 B0 CA 01"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\Shell\Bags\1\Desktop\"ItemPos1280x1024(1)" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 00 00 02 00 00 00 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 15 00 00 00 52 00 00 00 14 00 1F 60 40 F0 5F 64 81 50 1B 10 9F 08 00 AA 00 2F 95 4E 15 00 00 00 A2 00 00 00 46 00 3A 00 6C 02 00 00 2D 35 BB 61 20 00 41 50 49 4D 6F 6E 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8D 52 14 00 00 00 41 00 50 00 49 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 15 00 00 00 F2 00 00 00 4C 00 3A 00 54 02 00 00 2D 35 BC 61 20 00 41 75 74 6F 52 75 6E 73 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 2A 35 00 77 C3 3A 8D 52 14 00 00 00 41 00 75 00 74 00 6F 00 52 00 75 00 6E 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 42 01 00 00 48 00 3A 00 4A 02 00 00 2D 35 BC 61 20 00 43 6F 6E 54 45 58 54 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 2D 35 BC 61 C3 3A 8D 52 14 00 00 00 43 00 6F 00 6E 00 54 00 45 00 58 00 54 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 15 00 00 00 92 01 00 00 5E 00 3A 00 72 03 00 00 DA 38 B3 45 20 00 43 55 52 52 45 4E 7E 31 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE B7 38 9B 11 E9 3A 75 61 14 00 00 00 43 00 55 00 52 00 52 00 45 00 4E 00 54 00 20 00 56 00 69 00 72 00 75 00 73 00 44 00 65 00 66 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 E2 01 00 00 4E 00 3A 00 4D 02 00 00 2D 35 BC 61 20 00 44 45 42 55 47 56 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8D 52 14 00 00 00 44 00 65 00 62 00 75 00 67 00 76 00 69 00 65 00 77 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 32 02 00 00 40 00 3A 00 49 00 00 00 24 35 30 6B 20 00 64 69 66 66 2E 62 61 74 00 00 28 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 64 00 69 00 66 00 66 00 2E 00 62 00 61 00 74 00 00 00 18 00 15 00 00 00 82 02 00 00 48 00 3A 00 06 02 00 00 2D 35 BC 61 20 00 64 6E 73 74 6F 6F 6C 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 2A 35 00 77 C3 3A 8D 52 14 00 00 00 64 00 6E 00 73 00 74 00 6F 00 6F 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 15 00 00 00 D2 02 00 00 40 00 3A 00 3A 00 00 00 24 35 30 6B 20 00 64 72 6F 70 2E 62 61 74 00 00 28 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 64 00 72 00 6F 00 70 00 2E 00 62 00 61 00 74 00 00 00 18 00 15 00 00 00 22 03 00 00 50 00 3A 00 86 02 00 00 25 35 32 77 20 00 45 44 49 54 50 4C 7E 31 2E 4C 4E 4B 00 00 34 00 03 00 04 00 EF BE 25 35 32 77 C3 3A 8D 52 14 00 00 00 45 00 64 00 69 00 74 00 50 00 6C 00 75 00 73 00 20 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 72 03 00 00 48 00 3A 00 4D 02 00 00 2D 35 BC 61 20 00 46 69 6C 65 4D 6F 6E 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8D 52 14 00 00 00 46 00 69 00 6C 00 65 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 60 00 00 00 02 00 00 00 4C 00 3A 00 E5 01 00 00 2D 35 BB 61 20 00 46 69 6C 65 76 69 65 77 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8D 52 14 00 00 00 46 00 69 00 6C 00 65 00 76 00 69 00 65 00 77 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 52 00 00 00 40 00 3A 00 CD 01 00 00 2D 35 D3 7A 20 00 47 4D 45 52 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8D 52 14 00 00 00 47 00 4D 00 45 00 52 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 60 00 00 00 A2 00 00 00 4C 00 3A 00 BD 05 00 00 25 35 50 77 20 00 47 56 49 4D 37 30 7E 31 2E 4C 4E 4B 00 00 30 00 03 00 04 00 EF BE 25 35 50 77 C3 3A 8D 52 14 00 00 00 67 00 56 00 69 00 6D 00 20 00 37 00 2E 00 30 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 F2 00 00 00 54 00 3A 00 82 02 00 00 9A 36 7A 7D 20 00 48 45 58 57 4F 52 7E 31 2E 4C 4E 4B 00 00 38 00 03 00 04 00 EF BE 9A 36 7A 7D C3 3A 8C 52 14 00 00 00 48 00 65 00 78 00 20 00 57 00 6F 00 72 00 6B 00 73 00 68 00 6F 00 70 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 42 01 00 00 4C 00 3A 00 E5 01 00 00 2D 35 D3 7A 20 00 49 63 65 53 77 6F 72 64 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 49 00 63 00 65 00 53 00 77 00 6F 00 72 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 92 01 00 00 48 00 3A 00 C1 01 00 00 25 35 58 77 20 00 49 44 41 35 31 7E 31 2E 4C 4E 4B 00 2E 00 03 00 04 00 EF BE 25 35 58 77 C3 3A 8C 52 14 00 00 00 49 00 44 00 41 00 20 00 35 00 2E 00 31 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 60 00 00 00 E2 01 00 00 4C 00 3A 00 38 02 00 00 2D 35 54 63 20 00 49 4F 4C 5F 46 52 45 45 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 2D 35 54 63 E9 3A 7A 61 14 00 00 00 49 00 4F 00 4C 00 5F 00 46 00 52 00 45 00 45 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 32 02 00 00 5A 00 3A 00 14 06 00 00 2A 37 7A 61 20 00 4D 4F 5A 49 4C 4C 7E 31 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE 2A 37 7A 61 C3 3A 8C 52 14 00 00 00 4D 00 6F 00 7A 00 69 00 6C 00 6C 00 61 00 20 00 46 00 69 00 72 00 65 00 66 00 6F 00 78 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 82 02 00 00 68 00 3A 00 0F 03 00 00 9A 36 B1 7B 20 00 4D 53 4E 45 54 57 7E 31 2E 4C 4E 4B 00 00 4C 00 03 00 04 00 EF BE 9A 36 B1 7B C3 3A 8C 52 14 00 00 00 4D 00 53 00 20 00 4E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 20 00 4D 00 6F 00 6E 00 69 00 74 00 6F 00 72 00 20 00 33 00 2E 00 30 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 D2 02 00 00 5C 00 3A 00 B1 07 00 00 3A 37 F3 6A 20 00 4E 4F 52 54 4F 4E 7E 31 2E 4C 4E 4B 00 00 40 00 03 00 04 00 EF BE 3A 37 F3 6A C3 3A 8C 52 14 00 00 00 4E 00 6F 00 72 00 74 00 6F 00 6E 00 20 00 41 00 6E 00 74 00 69 00 56 00 69 00 72 00 75 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 22 03 00 00 48 00 3A 00 4A 02 00 00 42 37 E0 81 20 00 4F 6C 6C 79 64 62 67 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 AF 78 E9 3A 75 61 14 00 00 00 4F 00 6C 00 6C 00 79 00 64 00 62 00 67 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 60 00 00 00 72 03 00 00 40 00 3A 00 CD 01 00 00 43 37 9B 6A 20 00 50 45 49 44 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 25 35 72 77 E9 3A 75 61 14 00 00 00 50 00 45 00 49 00 44 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 AB 00 00 00 02 00 00 00 48 00 3A 00 4D 02 00 00 2D 35 D3 7A 20 00 50 72 6F 63 45 78 70 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 50 00 72 00 6F 00 63 00 45 00 78 00 70 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 52 00 00 00 56 00 3A 00 63 00 00 00 24 35 31 6B 20 00 52 45 42 4F 4F 54 7E 31 2E 42 41 54 00 00 3A 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 72 00 65 00 62 00 6F 00 6F 00 74 00 61 00 63 00 74 00 69 00 6F 00 6E 00 73 00 2E 00 62 00 61 00 74 00 00 00 1C 00 AB 00 00 00 A2 00 00 00 46 00 3A 00 48 02 00 00 2D 35 BC 61 20 00 52 65 67 4D 6F 6E 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 52 00 65 00 67 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 F2 00 00 00 48 00 3A 00 F0 01 00 00 2D 35 BB 61 20 00 52 65 67 73 68 6F 74 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 52 00 65 00 67 00 73 00 68 00 6F 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 42 01 00 00 5C 00 3A 00 C3 01 00 00 2D 35 BC 61 20 00 52 4F 4F 54 4B 49 7E 31 2E 4C 4E 4B 00 00 40 00 03 00 04 00 EF BE 2A 35 00 77 C3 3A 8C 52 14 00 00 00 52 00 6F 00 6F 00 74 00 4B 00 69 00 74 00 20 00 52 00 65 00 76 00 65 00 61 00 6C 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 92 01 00 00 42 00 3A 00 6C 00 00 00 24 35 CC 6E 20 00 73 6E 69 66 66 2E 62 61 74 00 2A 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 73 00 6E 00 69 00 66 00 66 00 2E 00 62 00 61 00 74 00 00 00 18 00 AB 00 00 00 E2 01 00 00 4C 00 3A 00 04 02 00 00 2D 35 D3 7A 20 00 53 59 4D 50 41 52 53 45 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 53 00 59 00 4D 00 50 00 41 00 52 00 53 00 45 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 32 02 00 00 46 00 3A 00 48 02 00 00 2D 35 BC 61 20 00 54 44 49 4D 6F 6E 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8C 52 14 00 00 00 54 00 44 00 49 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 82 02 00 00 5A 00 3A 00 58 02 00 00 2D 35 BB 61 20 00 54 4F 54 41 4C 43 7E 31 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE 2C 35 12 72 C3 3A 8C 52 14 00 00 00 54 00 4F 00 54 00 41 00 4C 00 20 00 43 00 4F 00 4D 00 4D 00 41 00 4E 00 44 00 45 00 52 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 D2 02 00 00 54 00 3A 00 84 02 00 00 42 37 D5 69 20 00 55 4C 54 52 41 45 7E 32 2E 4C 4E 4B 00 00 38 00 03 00 04 00 EF BE 25 35 27 78 E9 3A 75 61 14 00 00 00 55 00 6C 00 74 00 72 00 61 00 45 00 64 00 69 00 74 00 2D 00 33 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 22 03 00 00 3C 00 3A 00 3E 02 00 00 2D 35 D3 7A 20 00 57 43 57 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 57 00 43 00 57 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 AB 00 00 00 72 03 00 00 5C 00 31 00 00 00 00 00 43 37 22 57 10 00 4E 45 54 57 4F 52 7E 31 00 00 44 00 03 00 04 00 EF BE 42 37 54 52 C3 3A CC 45 14 00 00 00 4E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 20 00 43 00 6F 00 6E 00 66 00 69 00 67 00 20 00 53 00 63 00 72 00 69 00 70 00 74 00 73 00 00 00 18 00 F6 00 00 00 02 00 00 00 56 00 32 00 FC 01 00 00 43 37 DB 52 20 00 41 53 53 4E 49 46 7E 31 2E 4C 4E 4B 00 00 3A 00 03 00 04 00 EF BE 43 37 DB 52 E9 3A 75 61 14 00 00 00 61 00 73 00 73 00 6E 00 69 00 66 00 66 00 65 00 72 00 2E 00 62 00 61 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 52 00 00 00 42 00 32 00 88 02 00 00 3E 39 C8 62 20 00 42 45 54 4F 4E 2E 6C 6E 6B 00 2A 00 03 00 04 00 EF BE 65 38 EE 48 E9 3A 75 61 14 00 00 00 42 00 45 00 54 00 4F 00 4E 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 F6 00 00 00 A2 00 00 00 64 00 32 00 70 54 07 00 2F 38 72 4A 20 00 44 45 45 50 41 4B 7E 31 2E 52 45 47 00 00 48 00 03 00 04 00 EF BE 2F 38 72 4A 2F 38 72 4A 14 00 00 00 64 00 65 00 65 00 70 00 61 00 6B 00 5F 00 66 00 61 00 72 00 5F 00 32 00 36 00 5F 00 64 00 65 00 63 00 5F 00 30 00 37 00 2E 00 72 00 65 00 67 00 00 00 1C 00 F6 00 00 00 F2 00 00 00 40 00 32 00 6D 01 00 00 3A 35 72 50 20 00 44 45 46 53 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 3A 35 6C 50 C3 3A 8C 52 14 00 00 00 44 00 45 00 46 00 53 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 F6 00 00 00 42 01 00 00 54 00 32 00 EF 02 00 00 3A 37 64 6E 20 00 45 52 41 53 45 52 7E 31 2E 4C 4E 4B 00 00 38 00 03 00 04 00 EF BE 3A 37 52 6E C3 3A 8C 52 14 00 00 00 45 00 72 00 61 00 73 00 65 00 72 00 45 00 6E 00 67 00 69 00 6E 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 92 01 00 00 4E 00 32 00 EE 05 00 00 9A 36 37 7C 20 00 46 49 4C 45 5A 49 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 9A 36 37 7C C3 3A 8C 52 14 00 00 00 46 00 69 00 6C 00 65 00 5A 00 69 00 6C 00 6C 00 61 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 E2 01 00 00 52 00 32 00 F0 01 00 00 3E 39 AE 62 20 00 47 45 54 5F 43 4C 7E 31 2E 4C 4E 4B 00 00 36 00 03 00 04 00 EF BE 3E 39 A9 62 E9 3A 75 61 14 00 00 00 67 00 65 00 74 00 5F 00 63 00 6C 00 69 00 70 00 2E 00 70 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 E2 01 00 00 8A 00 32 00 9D 61 26 00 50 36 D3 80 20 00 49 4E 54 45 4C 41 7E 31 2E 50 44 46 00 00 6E 00 03 00 04 00 EF BE 42 37 C4 7D 2A 38 25 61 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 20 00 41 00 73 00 6D 00 20 00 49 00 6E 00 73 00 74 00 72 00 75 00 63 00 74 00 69 00 6F 00 6E 00 20 00 53 00 65 00 74 00 20 00 52 00 65 00 66 00 65 00 72 00 65 00 6E 00 63 00 65 00 20 00 41 00 2D 00 4D 00 2E 00 70 00 64 00 66 00 00 00 1C 00 F6 00 00 00 32 02 00 00 8A 00 32 00 A7 F1 1F 00 50 36 D3 80 20 00 49 4E 54 45 4C 41 7E 32 2E 50 44 46 00 00 6E 00 03 00 04 00 EF BE 42 37 C4 7D 2A 38 25 61 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 20 00 41 00 73 00 6D 00 20 00 49 00 6E 00 73 00 74 00 72 00 75 00 63 00 74 00 69 00 6F 00 6E 00 20 00 53 00 65 00 74 00 20 00 52 00 65 00 66 00 65 00 72 00 65 00 6E 00 63 00 65 00 20 00 4E 00 2D 00 5A 00 2E 00 70 00 64 00 66 00 00 00 1C 00 F6 00 00 00 82 02 00 00 4C 00 32 00 40 02 00 00 2A 37 84 68 20 00 4D 57 53 4E 41 50 7E 31 2E 4C 4E 4B 00 00 30 00 03 00 04 00 EF BE 2A 37 84 68 C3 3A 8C 52 14 00 00 00 4D 00 57 00 53 00 6E 00 61 00 70 00 20 00 33 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 D2 02 00 00 5A 00 32 00 79 02 00 00 75 35 48 45 20 00 50 52 4F 43 45 53 7E 31 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE 75 35 48 45 C3 3A 8C 52 14 00 00 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 20 00 4D 00 6F 00 6E 00 69 00 74 00 6F 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 22 03 00 00 52 00 32 00 F0 01 00 00 31 38 D2 05 20 00 50 55 54 5F 43 4C 7E 31 2E 4C 4E 4B 00 00 36 00 03 00 04 00 EF BE 31 38 C9 05 E9 3A 75 61 14 00 00 00 70 00 75 00 74 00 5F 00 63 00 6C 00 69 00 70 00 2E 00 70 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 72 03 00 00 50 00 32 00 73 02 00 00 43 37 7A 6A 20 00 52 4B 55 4E 48 4F 7E 31 2E 4C 4E 4B 00 00 34 00 03 00 04 00 EF BE 43 37 7A 6A E9 3A 75 61 14 00 00 00 52 00 6B 00 55 00 6E 00 68 00 6F 00 6F 00 6B 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 02 00 00 00 58 00 32 00 C8 02 00 00 3B 37 23 47 20 00 53 59 4D 50 52 4F 7E 31 2E 4C 4E 4B 00 00 3C 00 03 00 04 00 EF BE 3B 37 2A 46 E9 3A 75 61 14 00 00 00 53 00 59 00 4D 00 50 00 52 00 4F 00 54 00 45 00 43 00 54 00 20 00 4F 00 46 00 46 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 52 00 00 00 56 00 32 00 BC 02 00 00 3B 37 34 47 20 00 53 59 4D 50 52 4F 7E 32 2E 4C 4E 4B 00 00 3A 00 03 00 04 00 EF BE 3B 37 2A 46 E9 3A 75 61 14 00 00 00 53 00 59 00 4D 00 50 00 52 00 4F 00 54 00 45 00 43 00 54 00 20 00 4F 00 4E 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 A2 00 00 00 5E 00 32 00 CD 02 00 00 3B 37 2C 47 20 00 53 59 4D 50 52 4F 7E 33 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE 3B 37 2A 46 E9 3A 75 61 14 00 00 00 53 00 59 00 4D 00 50 00 52 00 4F 00 54 00 45 00 43 00 54 00 20 00 53 00 54 00 41 00 54 00 55 00 53 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 F2 00 00 00 42 00 32 00 B6 01 00 00 43 37 3D 51 20 00 54 4F 4F 4C 53 2E 6C 6E 6B 00 2A 00 03 00 04 00 EF BE 3A 37 68 62 E9 3A 75 61 14 00 00 00 54 00 4F 00 4F 00 4C 00 53 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 41 01 00 00 42 01 00 00 4E 00 32 00 FB 02 00 00 3A 37 49 6E 20 00 56 49 52 55 53 44 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 3A 37 35 6E C3 3A 8B 52 14 00 00 00 56 00 69 00 72 00 75 00 73 00 44 00 65 00 66 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 92 01 00 00 46 00 32 00 D3 01 00 00 2A 37 16 5E 20 00 57 45 42 50 4C 7E 31 2E 4C 4E 4B 00 2C 00 03 00 04 00 EF BE 2A 37 05 5E C3 3A 8B 52 14 00 00 00 77 00 65 00 62 00 2E 00 70 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 41 01 00 00 92 01 00 00 00 00 00 00"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\Shell\Bags\1\Desktop\"ItemPos1280x1024(1)" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 00 00 02 00 00 00 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 15 00 00 00 52 00 00 00 14 00 1F 60 40 F0 5F 64 81 50 1B 10 9F 08 00 AA 00 2F 95 4E 15 00 00 00 A2 00 00 00 46 00 3A 00 6C 02 00 00 2D 35 BB 61 20 00 41 50 49 4D 6F 6E 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8D 52 14 00 00 00 41 00 50 00 49 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 15 00 00 00 F2 00 00 00 4C 00 3A 00 54 02 00 00 2D 35 BC 61 20 00 41 75 74 6F 52 75 6E 73 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 2A 35 00 77 C3 3A 8D 52 14 00 00 00 41 00 75 00 74 00 6F 00 52 00 75 00 6E 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 42 01 00 00 48 00 3A 00 4A 02 00 00 2D 35 BC 61 20 00 43 6F 6E 54 45 58 54 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 2D 35 BC 61 C3 3A 8D 52 14 00 00 00 43 00 6F 00 6E 00 54 00 45 00 58 00 54 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 15 00 00 00 92 01 00 00 5E 00 3A 00 72 03 00 00 DA 38 B3 45 20 00 43 55 52 52 45 4E 7E 31 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE B7 38 9B 11 EA 3A 29 2B 14 00 00 00 43 00 55 00 52 00 52 00 45 00 4E 00 54 00 20 00 56 00 69 00 72 00 75 00 73 00 44 00 65 00 66 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 E2 01 00 00 4E 00 3A 00 4D 02 00 00 2D 35 BC 61 20 00 44 45 42 55 47 56 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8D 52 14 00 00 00 44 00 65 00 62 00 75 00 67 00 76 00 69 00 65 00 77 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 32 02 00 00 40 00 3A 00 49 00 00 00 24 35 30 6B 20 00 64 69 66 66 2E 62 61 74 00 00 28 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 64 00 69 00 66 00 66 00 2E 00 62 00 61 00 74 00 00 00 18 00 15 00 00 00 82 02 00 00 48 00 3A 00 06 02 00 00 2D 35 BC 61 20 00 64 6E 73 74 6F 6F 6C 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 2A 35 00 77 C3 3A 8D 52 14 00 00 00 64 00 6E 00 73 00 74 00 6F 00 6F 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 15 00 00 00 D2 02 00 00 40 00 3A 00 3A 00 00 00 24 35 30 6B 20 00 64 72 6F 70 2E 62 61 74 00 00 28 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 64 00 72 00 6F 00 70 00 2E 00 62 00 61 00 74 00 00 00 18 00 B8 02 00 00 F2 00 00 00 50 00 3A 00 86 02 00 00 25 35 32 77 20 00 45 44 49 54 50 4C 7E 31 2E 4C 4E 4B 00 00 34 00 03 00 04 00 EF BE 25 35 32 77 C3 3A 8D 52 14 00 00 00 45 00 64 00 69 00 74 00 50 00 6C 00 75 00 73 00 20 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 15 00 00 00 72 03 00 00 48 00 3A 00 4D 02 00 00 2D 35 BC 61 20 00 46 69 6C 65 4D 6F 6E 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8D 52 14 00 00 00 46 00 69 00 6C 00 65 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 60 00 00 00 02 00 00 00 4C 00 3A 00 E5 01 00 00 2D 35 BB 61 20 00 46 69 6C 65 76 69 65 77 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8D 52 14 00 00 00 46 00 69 00 6C 00 65 00 76 00 69 00 65 00 77 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 52 00 00 00 40 00 3A 00 CD 01 00 00 2D 35 D3 7A 20 00 47 4D 45 52 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8D 52 14 00 00 00 47 00 4D 00 45 00 52 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 60 00 00 00 A2 00 00 00 4C 00 3A 00 BD 05 00 00 25 35 50 77 20 00 47 56 49 4D 37 30 7E 31 2E 4C 4E 4B 00 00 30 00 03 00 04 00 EF BE 25 35 50 77 C3 3A 8D 52 14 00 00 00 67 00 56 00 69 00 6D 00 20 00 37 00 2E 00 30 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 F2 00 00 00 54 00 3A 00 82 02 00 00 9A 36 7A 7D 20 00 48 45 58 57 4F 52 7E 31 2E 4C 4E 4B 00 00 38 00 03 00 04 00 EF BE 9A 36 7A 7D C3 3A 8C 52 14 00 00 00 48 00 65 00 78 00 20 00 57 00 6F 00 72 00 6B 00 73 00 68 00 6F 00 70 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 42 01 00 00 4C 00 3A 00 E5 01 00 00 2D 35 D3 7A 20 00 49 63 65 53 77 6F 72 64 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 49 00 63 00 65 00 53 00 77 00 6F 00 72 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 92 01 00 00 48 00 3A 00 C1 01 00 00 25 35 58 77 20 00 49 44 41 35 31 7E 31 2E 4C 4E 4B 00 2E 00 03 00 04 00 EF BE 25 35 58 77 C3 3A 8C 52 14 00 00 00 49 00 44 00 41 00 20 00 35 00 2E 00 31 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 60 00 00 00 E2 01 00 00 4C 00 3A 00 38 02 00 00 2D 35 54 63 20 00 49 4F 4C 5F 46 52 45 45 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 2D 35 54 63 E9 3A 7A 61 14 00 00 00 49 00 4F 00 4C 00 5F 00 46 00 52 00 45 00 45 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 03 03 00 00 42 01 00 00 5A 00 3A 00 14 06 00 00 2A 37 7A 61 20 00 4D 4F 5A 49 4C 4C 7E 31 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE 2A 37 7A 61 C3 3A 8C 52 14 00 00 00 4D 00 6F 00 7A 00 69 00 6C 00 6C 00 61 00 20 00 46 00 69 00 72 00 65 00 66 00 6F 00 78 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 82 02 00 00 68 00 3A 00 0F 03 00 00 9A 36 B1 7B 20 00 4D 53 4E 45 54 57 7E 31 2E 4C 4E 4B 00 00 4C 00 03 00 04 00 EF BE 9A 36 B1 7B C3 3A 8C 52 14 00 00 00 4D 00 53 00 20 00 4E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 20 00 4D 00 6F 00 6E 00 69 00 74 00 6F 00 72 00 20 00 33 00 2E 00 30 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 D2 02 00 00 5C 00 3A 00 B1 07 00 00 3A 37 F3 6A 20 00 4E 4F 52 54 4F 4E 7E 31 2E 4C 4E 4B 00 00 40 00 03 00 04 00 EF BE 3A 37 F3 6A C3 3A 8C 52 14 00 00 00 4E 00 6F 00 72 00 74 00 6F 00 6E 00 20 00 41 00 6E 00 74 00 69 00 56 00 69 00 72 00 75 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 60 00 00 00 22 03 00 00 48 00 3A 00 4A 02 00 00 42 37 E0 81 20 00 4F 6C 6C 79 64 62 67 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 AF 78 EA 3A 28 2B 14 00 00 00 4F 00 6C 00 6C 00 79 00 64 00 62 00 67 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 B8 02 00 00 92 01 00 00 40 00 3A 00 CD 01 00 00 43 37 9B 6A 20 00 50 45 49 44 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 25 35 72 77 EA 3A 28 2B 14 00 00 00 50 00 45 00 49 00 44 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 AB 00 00 00 02 00 00 00 48 00 3A 00 4D 02 00 00 2D 35 D3 7A 20 00 50 72 6F 63 45 78 70 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 50 00 72 00 6F 00 63 00 45 00 78 00 70 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 52 00 00 00 56 00 3A 00 63 00 00 00 24 35 31 6B 20 00 52 45 42 4F 4F 54 7E 31 2E 42 41 54 00 00 3A 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 72 00 65 00 62 00 6F 00 6F 00 74 00 61 00 63 00 74 00 69 00 6F 00 6E 00 73 00 2E 00 62 00 61 00 74 00 00 00 1C 00 AB 00 00 00 A2 00 00 00 46 00 3A 00 48 02 00 00 2D 35 BC 61 20 00 52 65 67 4D 6F 6E 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 52 00 65 00 67 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 F2 00 00 00 48 00 3A 00 F0 01 00 00 2D 35 BB 61 20 00 52 65 67 73 68 6F 74 2E 6C 6E 6B 00 2E 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 52 00 65 00 67 00 73 00 68 00 6F 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 42 01 00 00 5C 00 3A 00 C3 01 00 00 2D 35 BC 61 20 00 52 4F 4F 54 4B 49 7E 31 2E 4C 4E 4B 00 00 40 00 03 00 04 00 EF BE 2A 35 00 77 C3 3A 8C 52 14 00 00 00 52 00 6F 00 6F 00 74 00 4B 00 69 00 74 00 20 00 52 00 65 00 76 00 65 00 61 00 6C 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 92 01 00 00 42 00 3A 00 6C 00 00 00 24 35 CC 6E 20 00 73 6E 69 66 66 2E 62 61 74 00 2A 00 03 00 04 00 EF BE 25 35 CD 76 2A 38 44 61 14 00 00 00 73 00 6E 00 69 00 66 00 66 00 2E 00 62 00 61 00 74 00 00 00 18 00 AB 00 00 00 E2 01 00 00 4C 00 3A 00 04 02 00 00 2D 35 D3 7A 20 00 53 59 4D 50 41 52 53 45 2E 6C 6E 6B 00 00 30 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 53 00 59 00 4D 00 50 00 41 00 52 00 53 00 45 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 32 02 00 00 46 00 3A 00 48 02 00 00 2D 35 BC 61 20 00 54 44 49 4D 6F 6E 2E 6C 6E 6B 00 00 2C 00 03 00 04 00 EF BE 25 35 AF 78 C3 3A 8C 52 14 00 00 00 54 00 44 00 49 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 AB 00 00 00 82 02 00 00 5A 00 3A 00 58 02 00 00 2D 35 BB 61 20 00 54 4F 54 41 4C 43 7E 31 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE 2C 35 12 72 C3 3A 8C 52 14 00 00 00 54 00 4F 00 54 00 41 00 4C 00 20 00 43 00 4F 00 4D 00 4D 00 41 00 4E 00 44 00 45 00 52 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 D2 02 00 00 54 00 3A 00 84 02 00 00 42 37 D5 69 20 00 55 4C 54 52 41 45 7E 32 2E 4C 4E 4B 00 00 38 00 03 00 04 00 EF BE 25 35 27 78 EA 3A 28 2B 14 00 00 00 55 00 6C 00 74 00 72 00 61 00 45 00 64 00 69 00 74 00 2D 00 33 00 32 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 AB 00 00 00 22 03 00 00 3C 00 3A 00 3E 02 00 00 2D 35 D3 7A 20 00 57 43 57 2E 6C 6E 6B 00 26 00 03 00 04 00 EF BE 25 35 FA 76 C3 3A 8C 52 14 00 00 00 57 00 43 00 57 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 AB 00 00 00 72 03 00 00 5C 00 31 00 00 00 00 00 43 37 22 57 10 00 4E 45 54 57 4F 52 7E 31 00 00 44 00 03 00 04 00 EF BE 42 37 54 52 C3 3A CC 45 14 00 00 00 4E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 20 00 43 00 6F 00 6E 00 66 00 69 00 67 00 20 00 53 00 63 00 72 00 69 00 70 00 74 00 73 00 00 00 18 00 F6 00 00 00 02 00 00 00 56 00 32 00 FC 01 00 00 43 37 DB 52 20 00 41 53 53 4E 49 46 7E 31 2E 4C 4E 4B 00 00 3A 00 03 00 04 00 EF BE 43 37 DB 52 EA 3A 28 2B 14 00 00 00 61 00 73 00 73 00 6E 00 69 00 66 00 66 00 65 00 72 00 2E 00 62 00 61 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 6D 02 00 00 42 01 00 00 42 00 32 00 88 02 00 00 3E 39 C8 62 20 00 42 45 54 4F 4E 2E 6C 6E 6B 00 2A 00 03 00 04 00 EF BE 65 38 EE 48 EA 3A 28 2B 14 00 00 00 42 00 45 00 54 00 4F 00 4E 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 F6 00 00 00 A2 00 00 00 64 00 32 00 70 54 07 00 2F 38 72 4A 20 00 44 45 45 50 41 4B 7E 31 2E 52 45 47 00 00 48 00 03 00 04 00 EF BE 2F 38 72 4A 2F 38 72 4A 14 00 00 00 64 00 65 00 65 00 70 00 61 00 6B 00 5F 00 66 00 61 00 72 00 5F 00 32 00 36 00 5F 00 64 00 65 00 63 00 5F 00 30 00 37 00 2E 00 72 00 65 00 67 00 00 00 1C 00 F6 00 00 00 F2 00 00 00 40 00 32 00 6D 01 00 00 3A 35 72 50 20 00 44 45 46 53 2E 6C 6E 6B 00 00 28 00 03 00 04 00 EF BE 3A 35 6C 50 C3 3A 8C 52 14 00 00 00 44 00 45 00 46 00 53 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 F6 00 00 00 42 01 00 00 54 00 32 00 EF 02 00 00 3A 37 64 6E 20 00 45 52 41 53 45 52 7E 31 2E 4C 4E 4B 00 00 38 00 03 00 04 00 EF BE 3A 37 52 6E C3 3A 8C 52 14 00 00 00 45 00 72 00 61 00 73 00 65 00 72 00 45 00 6E 00 67 00 69 00 6E 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 92 01 00 00 4E 00 32 00 EE 05 00 00 9A 36 37 7C 20 00 46 49 4C 45 5A 49 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 9A 36 37 7C C3 3A 8C 52 14 00 00 00 46 00 69 00 6C 00 65 00 5A 00 69 00 6C 00 6C 00 61 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 E2 01 00 00 52 00 32 00 F0 01 00 00 3E 39 AE 62 20 00 47 45 54 5F 43 4C 7E 31 2E 4C 4E 4B 00 00 36 00 03 00 04 00 EF BE 3E 39 A9 62 EA 3A 28 2B 14 00 00 00 67 00 65 00 74 00 5F 00 63 00 6C 00 69 00 70 00 2E 00 70 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 E2 01 00 00 8A 00 32 00 9D 61 26 00 50 36 D3 80 20 00 49 4E 54 45 4C 41 7E 31 2E 50 44 46 00 00 6E 00 03 00 04 00 EF BE 42 37 C4 7D 2A 38 25 61 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 20 00 41 00 73 00 6D 00 20 00 49 00 6E 00 73 00 74 00 72 00 75 00 63 00 74 00 69 00 6F 00 6E 00 20 00 53 00 65 00 74 00 20 00 52 00 65 00 66 00 65 00 72 00 65 00 6E 00 63 00 65 00 20 00 41 00 2D 00 4D 00 2E 00 70 00 64 00 66 00 00 00 1C 00 F6 00 00 00 32 02 00 00 8A 00 32 00 A7 F1 1F 00 50 36 D3 80 20 00 49 4E 54 45 4C 41 7E 32 2E 50 44 46 00 00 6E 00 03 00 04 00 EF BE 42 37 C4 7D 2A 38 25 61 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 20 00 41 00 73 00 6D 00 20 00 49 00 6E 00 73 00 74 00 72 00 75 00 63 00 74 00 69 00 6F 00 6E 00 20 00 53 00 65 00 74 00 20 00 52 00 65 00 66 00 65 00 72 00 65 00 6E 00 63 00 65 00 20 00 4E 00 2D 00 5A 00 2E 00 70 00 64 00 66 00 00 00 1C 00 F6 00 00 00 82 02 00 00 4C 00 32 00 40 02 00 00 2A 37 84 68 20 00 4D 57 53 4E 41 50 7E 31 2E 4C 4E 4B 00 00 30 00 03 00 04 00 EF BE 2A 37 84 68 C3 3A 8C 52 14 00 00 00 4D 00 57 00 53 00 6E 00 61 00 70 00 20 00 33 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 D2 02 00 00 5A 00 32 00 79 02 00 00 75 35 48 45 20 00 50 52 4F 43 45 53 7E 31 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE 75 35 48 45 C3 3A 8C 52 14 00 00 00 50 00 72 00 6F 00 63 00 65 00 73 00 73 00 20 00 4D 00 6F 00 6E 00 69 00 74 00 6F 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 22 03 00 00 52 00 32 00 F0 01 00 00 31 38 D2 05 20 00 50 55 54 5F 43 4C 7E 31 2E 4C 4E 4B 00 00 36 00 03 00 04 00 EF BE 31 38 C9 05 EA 3A 28 2B 14 00 00 00 70 00 75 00 74 00 5F 00 63 00 6C 00 69 00 70 00 2E 00 70 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 F6 00 00 00 72 03 00 00 50 00 32 00 73 02 00 00 43 37 7A 6A 20 00 52 4B 55 4E 48 4F 7E 31 2E 4C 4E 4B 00 00 34 00 03 00 04 00 EF BE 43 37 7A 6A EA 3A 28 2B 14 00 00 00 52 00 6B 00 55 00 6E 00 68 00 6F 00 6F 00 6B 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 02 00 00 00 58 00 32 00 C8 02 00 00 3B 37 23 47 20 00 53 59 4D 50 52 4F 7E 31 2E 4C 4E 4B 00 00 3C 00 03 00 04 00 EF BE 3B 37 2A 46 EA 3A 28 2B 14 00 00 00 53 00 59 00 4D 00 50 00 52 00 4F 00 54 00 45 00 43 00 54 00 20 00 4F 00 46 00 46 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 52 00 00 00 56 00 32 00 BC 02 00 00 3B 37 34 47 20 00 53 59 4D 50 52 4F 7E 32 2E 4C 4E 4B 00 00 3A 00 03 00 04 00 EF BE 3B 37 2A 46 EA 3A 28 2B 14 00 00 00 53 00 59 00 4D 00 50 00 52 00 4F 00 54 00 45 00 43 00 54 00 20 00 4F 00 4E 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 A2 00 00 00 5E 00 32 00 CD 02 00 00 3B 37 2C 47 20 00 53 59 4D 50 52 4F 7E 33 2E 4C 4E 4B 00 00 42 00 03 00 04 00 EF BE 3B 37 2A 46 EA 3A 28 2B 14 00 00 00 53 00 59 00 4D 00 50 00 52 00 4F 00 54 00 45 00 43 00 54 00 20 00 53 00 54 00 41 00 54 00 55 00 53 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 F2 00 00 00 42 00 32 00 B6 01 00 00 43 37 3D 51 20 00 54 4F 4F 4C 53 2E 6C 6E 6B 00 2A 00 03 00 04 00 EF BE 3A 37 68 62 EA 3A 28 2B 14 00 00 00 54 00 4F 00 4F 00 4C 00 53 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 41 01 00 00 42 01 00 00 4E 00 32 00 FB 02 00 00 3A 37 49 6E 20 00 56 49 52 55 53 44 7E 31 2E 4C 4E 4B 00 00 32 00 03 00 04 00 EF BE 3A 37 35 6E C3 3A 8B 52 14 00 00 00 56 00 69 00 72 00 75 00 73 00 44 00 65 00 66 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 41 01 00 00 92 01 00 00 46 00 32 00 D3 01 00 00 2A 37 16 5E 20 00 57 45 42 50 4C 7E 31 2E 4C 4E 4B 00 2C 00 03 00 04 00 EF BE 2A 37 05 5E C3 3A 8B 52 14 00 00 00 77 00 65 00 62 00 2E 00 70 00 6C 00 2E 00 6C 00 6E 00 6B 00 00 00 1A 00 41 01 00 00 92 01 00 00 00 00 00 00"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\"MRUListEx" = "05 00 00 00 06 00 00 00 09 00 00 00 00 00 00 00 08 00 00 00 07 00 00 00 02 00 00 00 01 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\"MRUListEx" = "06 00 00 00 05 00 00 00 09 00 00 00 00 00 00 00 08 00 00 00 07 00 00 00 02 00 00 00 01 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Symantec\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\ToasterAlerts\"lastSavedTime" = "20090709T143648"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Symantec\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\ToasterAlerts\"lastSavedTime" = "20100218T120019"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\SessionInformation\"ProgramCount" = "5"
  • HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\SessionInformation\"ProgramCount" = "6"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\"NextId" = "0x00002001"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\"NextId" = "0x00002002"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cookies" = "C:\Documents and Settings\LocalService\Cookies"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cookies" = "C:\Documents and Settings\Administrator\Cookies"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Local AppData" = "C:\Documents and Settings\LocalService\Local Settings\Application Data"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Local AppData" = "C:\Documents and Settings\Administrator\Local Settings\Application Data"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cache" = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cache" = "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"History" = "C:\Documents and Settings\LocalService\Local Settings\History"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"History" = "C:\Documents and Settings\Administrator\Local Settings\History"


It may then delete the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Config.Msi\"" = ""



For successful remove PCDefender virus,you may also need do as following:
1. Temporarily Disable System Restore .

2. Update the virus definitions. Reboot computer in SafeMode;

3. Delete the IE temp files,some PCDefender temp file exisit there.

4.If you failed to remove PCDefender,please go to our remove help forum:http://help.antiviruses123.com

End Of The Article How to remove PCDefender remove process
Advanced Defender
Troj/Decdec-D
Mal/Delf-AI
Troj/HideProc-N
W32/Renocide-B
Mal/DelpDldr-N
Mal/Delf-AH
Secure File Shredder
PcSecureNet
PcsSecure
APcSafe
Desktop Security 2010
APcSecure
ProtectDefender
ArmorDefender
DefendAPc
PCAntiMalware  removal…
PcClient ML  removal i…
Pepakura Designer v2.1…
Autodesk AutoCAD 2006 …
DLoader lhwq  removal …
Downloader BJH  remova…
PcClient LN  removal i…
MalwareDefender2009
Win PC Defender  remov…
Downloader acl  remova…
Downloader acp  remova…
PcClient LA  removal i…
Malware Defender 2009 …
Delfile O  removal ins…
Kaspersky Key Finder  …
PcClient KW  removal i…
Downloader XZ  removal…
PcClient JM  removal i…
ACDSee v10.0 keygen  r…
Downloader AH  removal…
Delf qkt  removal inst…
Downloader zx  removal…
Downloader NSIS Agent …
CodecPack dpd  removal…
Sponsors
Hot Antivirus Article
Elite Antivirus Article
Contact Us
Copyright 2006-2007 Free Antivirus Program