Computer locks up randomly - Windows 7 64bit


15 replies to this topic

#1 infamousm


Posted 13 February 2014 - 11:01 AM

Hello, my computer is starting to freeze at random times, for example in the middle of gaming, streaming a movie or even just talking on Skype. The screen just locks up and I have to restart my computer manually for it to work again. I have run a memory diagnostic test and it found no errors, as well as a chkdsk scan. I have tried sfc /scannow and it said that it found corrupt files but was unable to fix them. I also ran a scan with Malwarebytes and found no infected files. Any help is appreciated, thank you.


Edited by infamousm, 13 February 2014 - 11:03 AM.




#2 Sirawit

  • Malware Response Team

Posted 13 February 2014 - 11:06 AM

Hi infamousm and welcome to BleepingComputer! :)

 

:step1:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

----------------------------------------------------------------

 

:step2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

What we need in your next reply:

Adwcleaner log

JRT log

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 infamousm

  • Topic Starter

Posted 13 February 2014 - 11:22 AM

Hello, and thank you for such a quick reply :)
 
Here are the logs:
 
# AdwCleaner v3.018 - Report created 13/02/2014 at 11:19:50
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Manj - MANJ-PC
# Running from : C:\Users\Manj\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Manj on Thu 02/13/2014 at 11:15:22.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/13/2014 at 11:19:16.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by infamousm, 13 February 2014 - 11:27 AM.


#4 infamousm

  • Topic Starter

Posted 13 February 2014 - 01:02 PM

Hello, I am still experiencing the freezing.

 

Mod edit:

log attachment: http://www.bleepstatic.com/fhost/uploads/2/cbs.log


Edited by Andrew, 13 February 2014 - 02:06 PM.


#5 Sirawit


Posted 14 February 2014 - 08:36 AM

Sorry for the delay.

 

:step1:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

:step2:

Please download Minitoolbox and save to your desktop.

Close all programs, run minitoolbox and select these boxes:

  • Flush DNS
  • Report IE proxy settings
  • Reset IE proxy settings
  • Report FF proxy settings
  • Reset proxy settings
  • List Content of Hosts
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices (Only Problems)
  • List User, partitions and memory size.

Click GO and wait, then please post the log here.

 

What we need in your next reply:

FSS log

Minitoolbox log

 

Thank you.




#6 infamousm

  • Topic Starter

Posted 14 February 2014 - 09:23 AM

Farbar Service Scanner Version: 02-02-2014
Ran by Manj (administrator) on 14-02-2014 at 09:22:13
Running from "C:\Users\Manj\Downloads"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc: "%SystemRoot%\system32\cryptsvc.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 18:25] - [2009-07-13 20:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Manj (administrator) on 14-02-2014 at 09:23:47
Running from "C:\Users\Manj\Desktop"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/13/2014 08:49:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nexon_api.dll, version: 0.0.0.0, time stamp: 0x51b8b59a
Exception code: 0xc0000005
Fault offset: 0x00002045
Faulting process id: 0x197c
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
Error: (02/13/2014 08:12:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nexon_api.dll, version: 0.0.0.0, time stamp: 0x51b8b59a
Exception code: 0xc0000005
Fault offset: 0x00002045
Faulting process id: 0x1f74
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
Error: (02/13/2014 07:39:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nexon_api.dll, version: 0.0.0.0, time stamp: 0x51b8b59a
Exception code: 0xc0000005
Fault offset: 0x00002045
Faulting process id: 0x1938
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
Error: (02/13/2014 07:06:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nmconew.dll_unloaded, version: 0.0.0.0, time stamp: 0x5178a4ff
Exception code: 0xc0000005
Fault offset: 0x1eb9698d
Faulting process id: 0xf30
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
Error: (02/13/2014 06:25:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nexon_api.dll, version: 0.0.0.0, time stamp: 0x51b8b59a
Exception code: 0xc0000005
Fault offset: 0x00002045
Faulting process id: 0x1e0c
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
Error: (02/13/2014 05:40:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nexon_api.dll, version: 0.0.0.0, time stamp: 0x51b8b59a
Exception code: 0xc0000005
Fault offset: 0x00002045
Faulting process id: 0x13dc
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
Error: (02/13/2014 03:42:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nexon_api.dll, version: 0.0.0.0, time stamp: 0x51b8b59a
Exception code: 0xc0000005
Fault offset: 0x00002045
Faulting process id: 0xb84
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
Error: (02/13/2014 03:04:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.33484, time stamp: 0x52ddd7e7
Faulting module name: nexon_api.dll, version: 0.0.0.0, time stamp: 0x51b8b59a
Exception code: 0xc0000005
Fault offset: 0x00002045
Faulting process id: 0x5ec
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3
 
 
System errors:
=============
Error: (02/14/2014 08:51:30 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1062
 
Error: (02/14/2014 08:51:30 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1062
 
Error: (02/14/2014 08:51:30 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service terminated with the following error: 
%%997
 
Error: (02/13/2014 08:55:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
 
Error: (02/13/2014 08:54:48 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service terminated with the following error: 
%%997
 
Error: (02/13/2014 08:54:22 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 9 service failed to start due to the following error: 
%%1053
 
Error: (02/13/2014 08:54:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 9 service to connect.
 
Error: (02/13/2014 08:53:48 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:50:51 PM on ?2/?13/?2014 was unexpected.
 
Error: (02/13/2014 08:14:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1062
 
Error: (02/13/2014 08:14:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1062
 
 
Microsoft Office Sessions:
=========================
Error: (02/13/2014 08:49:56 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nexon_api.dll0.0.0.051b8b59ac000000500002045197c01cf2922182cd0ecC:\Nexon\Combat Arms\ENGINE.EXEC:\Nexon\Combat Arms\nexon_api.dll4dd701b2-951a-11e3-8a05-74d02b2fa880
 
Error: (02/13/2014 08:12:32 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nexon_api.dll0.0.0.051b8b59ac0000005000020451f7401cf291f0c16b080C:\Nexon\Combat Arms\ENGINE.EXEC:\Nexon\Combat Arms\nexon_api.dll144f92fa-9515-11e3-8a05-74d02b2fa880
 
Error: (02/13/2014 07:39:39 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nexon_api.dll0.0.0.051b8b59ac000000500002045193801cf2918c271d516C:\Nexon\Combat Arms\ENGINE.EXEC:\Nexon\Combat Arms\nexon_api.dll7c4ffe80-9510-11e3-8a05-74d02b2fa880
 
Error: (02/13/2014 07:06:57 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nmconew.dll_unloaded0.0.0.05178a4ffc00000051eb9698df3001cf2912f0ce0821C:\Nexon\Combat Arms\ENGINE.EXEnmconew.dlleade36c7-950b-11e3-8a05-74d02b2fa880
 
Error: (02/13/2014 06:25:31 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nexon_api.dll0.0.0.051b8b59ac0000005000020451e0c01cf290c9a097476C:\Nexon\Combat Arms\ENGINE.EXEC:\Nexon\Combat Arms\nexon_api.dll21188940-9506-11e3-8a05-74d02b2fa880
 
Error: (02/13/2014 05:40:03 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nexon_api.dll0.0.0.051b8b59ac00000050000204513dc01cf2905c7471a55C:\Nexon\Combat Arms\ENGINE.EXEC:\Nexon\Combat Arms\nexon_api.dllc6957ffc-94ff-11e3-8a05-74d02b2fa880
 
Error: (02/13/2014 03:42:33 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nexon_api.dll0.0.0.051b8b59ac000000500002045b8401cf28f6e3b20cbaC:\Nexon\Combat Arms\ENGINE.EXEC:\Nexon\Combat Arms\nexon_api.dll5cbdea23-94ef-11e3-8bcb-74d02b2fa880
 
Error: (02/13/2014 03:04:26 PM) (Source: Application Error)(User: )
Description: ENGINE.EXE0.0.0.3348452ddd7e7nexon_api.dll0.0.0.051b8b59ac0000005000020455ec01cf28f1b23f107cC:\Nexon\Combat Arms\ENGINE.EXEC:\Nexon\Combat Arms\nexon_api.dll099a040b-94ea-11e3-8bcb-74d02b2fa880
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-11 11:25:28.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:28.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:28.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:27.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:27.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:27.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:27.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:27.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-11 11:25:27.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.2.30570)
AMD Accelerated Video Transcoding (Version: 13.30.100.40131)
AMD Catalyst Control Center (Version: 2014.0131.1535.27922)
AMD Catalyst Install Manager (Version: 8.0.916.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2014.0131.1535.27922)
AMD Steady Video Plug-In  (Version: 2.07.0000)
AMD Wireless Display v3.0 (Version: 1.0.0.15)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.16.12.0)
Atheros Driver Installation Program (Version: 9.2)
Bandicam
Bandisoft MPEG-1 Decoder
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2014.0131.1535.27922)
Catalyst Control Center InstallProxy (Version: 2014.0131.1535.27922)
Catalyst Control Center Localization All (Version: 2014.0131.1535.27922)
CCC Help Chinese Standard (Version: 2014.0131.1534.27922)
CCC Help Chinese Traditional (Version: 2014.0131.1534.27922)
CCC Help Czech (Version: 2014.0131.1534.27922)
CCC Help Danish (Version: 2014.0131.1534.27922)
CCC Help Dutch (Version: 2014.0131.1534.27922)
CCC Help English (Version: 2014.0131.1534.27922)
CCC Help Finnish (Version: 2014.0131.1534.27922)
CCC Help French (Version: 2014.0131.1534.27922)
CCC Help German (Version: 2014.0131.1534.27922)
CCC Help Greek (Version: 2014.0131.1534.27922)
CCC Help Hungarian (Version: 2014.0131.1534.27922)
CCC Help Italian (Version: 2014.0131.1534.27922)
CCC Help Japanese (Version: 2014.0131.1534.27922)
CCC Help Korean (Version: 2014.0131.1534.27922)
CCC Help Norwegian (Version: 2014.0131.1534.27922)
CCC Help Polish (Version: 2014.0131.1534.27922)
CCC Help Portuguese (Version: 2014.0131.1534.27922)
CCC Help Russian (Version: 2014.0131.1534.27922)
CCC Help Spanish (Version: 2014.0131.1534.27922)
CCC Help Swedish (Version: 2014.0131.1534.27922)
CCC Help Thai (Version: 2014.0131.1534.27922)
CCC Help Turkish (Version: 2014.0131.1534.27922)
ccc-utility64 (Version: 2014.0131.1535.27922)
Cisco EAP-FAST Module (Version: 2.2.14)
Combat Arms
CPUID HWMonitor 1.24
Driver Booster (Version: 1.2)
EasyBCD 2.0 (Version: 2.0)
Everything 1.2.1.371
f.lux
Game Fire (Version: 3.1.200)
Google Chrome (Version: 32.0.1700.107)
Google Update Helper (Version: 1.3.22.5)
HydraVision (Version: 4.2.252.0)
inSSIDer Home (Version: 3.1.2.1)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
K-Lite Codec Pack 9.3.0 (Standard) (Version: 9.3.0)
Loadout
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
MSI Kombustor 3.3.0
MSVCRT Redists (Version: 1.0)
NetLimiter 3 (Version: 3.0.0.11)
Nexon Game Manager
Paint.NET v3.5.11 (Version: 3.61.0)
Razer DeathAdder™ Mouse (Version: 3.00)
Realtek Ethernet Controller Driver (Version: 7.58.411.2012)
TeamSpeak 3 Client (Version: 3.0.13)
TeamViewer 9 (Version: 9.0.25942)
TL-WN881ND Driver (Version: 1.0.0)
TP-LINK Wireless Configuration Utility (Version: 1.0.0)
uTorrent REPACK 3.3.2 Build 30303 (Version: 3.3.2 Build 30303)
Vegas Pro 12.0 (64-bit) (Version: 12.0.770)
VLC media player 2.0.8 (Version: 2.0.8)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 28%
Total physical RAM: 8091.87 MB
Available physical RAM: 5811.67 MB
Total Pagefile: 20250.02 MB
Available Pagefile: 17528.27 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.94 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Files) (Fixed) (Total:931.41 GB) (Free:158.38 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\MANJ-PC
 
Administrator            Guest                    Manj                     
 
 
**** End of log ****
 


#7 Sirawit


Posted 15 February 2014 - 04:35 AM

Warning: Please do these in order or we may have difficulties.

 

:step1:

Please open Farbar Service Scanner again, then copy the following text into the "search" box:

MpsSvc;wscsvc;wuauserv;cryptsvc;WinDefend;LanmanServer;SENS;cryptsvc.dll

Then click "Export Service" and wait. The report will pop up; save it to the desktop with the name export.txt

 

:step2:

Close the report, then go back to FSS and click "Search Files" (Don't change anything in the search box.)

The report will pop up again; save it to the desktop with the name search.txt

 

:step3:

Copy and paste export.txt and search.txt here. (You may need 2 replies because the reports are long.)

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.
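
The export requested above comes back in .reg syntax, where ImagePath, ServiceDll and DependOnService are written as hex(2)/hex(7) byte lists that hide the actual paths. As an added example (not part of the original posts and not FSS's own code), this Python script decodes such an export and lists service binaries that do not resolve under System32; the function names, the ExampleSvc key and the assumption that %SystemRoot% is C:\Windows are illustrative.

```python
import re

# Sample input. The MpsSvc lines are copied from the export posted in the next
# reply of this thread; the ExampleSvc key is constructed here so the path
# check has something to report.
SAMPLE_EXPORT = r'''
================== Result for "MpsSvc" ==================

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MpsSvc]
"ObjectName"="NT Authority\\LocalService"
"Start"=dword:00000002
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
  65,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\ExampleSvc\Parameters]
"ServiceDll"="C:\\Users\\Public\\example.dll"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
HEX_RE = re.compile(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
SERVICE_KEY = re.compile(r'\\services\\([^\\]+)', re.IGNORECASE)


def _unescape(text):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)


def _decode(raw):
    """Turn the right-hand side of a .reg value into a Python object."""
    if raw.startswith('"'):                      # REG_SZ
        return _unescape(raw[1:-1])
    if raw.startswith('dword:'):                 # REG_DWORD
        return int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
    if kind in (1, 2):                           # REG_SZ / REG_EXPAND_SZ
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    if kind == 7:                                # REG_MULTI_SZ
        text = data.decode('utf-16-le', errors='replace')
        return [s for s in text.split('\x00') if s]
    return data


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg-style export."""
    keys, current, pending = {}, None, ''
    # The trailing '' flushes a value whose continuation was cut off.
    for line in text.splitlines() + ['']:
        line = pending + line.strip()
        pending = ''
        if line.endswith('\\') and '=hex' in line:    # hex data continues
            pending = line[:-1]
            continue
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[_unescape(m.group(1))] = _decode(m.group(2))
    return keys


def binaries_outside_system32(keys):
    """List (service, value_name, path) for ImagePath/ServiceDll values that do
    not resolve under System32. Assumes %SystemRoot% is C:\\Windows; driver
    forms such as \\SystemRoot\\... are not handled and would be reported."""
    findings = []
    for path, values in keys.items():
        svc = SERVICE_KEY.search(path)
        for name in ('ImagePath', 'ServiceDll'):
            value = values.get(name)
            if svc is None or not isinstance(value, str):
                continue
            normalized = value.lower().replace('"', '')
            normalized = normalized.replace('%systemroot%', 'c:\\windows')
            if not normalized.startswith('c:\\windows\\system32\\'):
                findings.append((svc.group(1), name, value))
    return findings


if __name__ == '__main__':
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for key, values in parsed.items():
        print(key)
        for name, value in values.items():
            print('   ', name, '=', repr(value))
    print('Outside System32:', binaries_outside_system32(parsed))
```
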


#8 infamousm

  • Topic Starter

Posted 15 February 2014 - 09:15 AM

Note: The export is in "Windows Registry Editor Version 5.00" format.
 
================== Result for "MpsSvc" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MpsSvc]
"DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
  65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
  00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
  00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
  00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
  00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
  6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords]
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
  00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
  00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
  0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00
 
================== Result for "wscsvc" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
  72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
  4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
  00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Security]
 
================== Result for "wuauserv" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wuauserv]
"PreshutdownTimeout"=dword:036ee800
"DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105"
"Description"="@%systemroot%\\system32\\wuaueng.dll,-106"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="WUServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wuauserv\Security]
 
================== Result for "cryptsvc" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\cryptsvc]
"DisplayName"="@%SystemRoot%\\system32\\cryptsvc.dll,-1001"
"Description"="@%SystemRoot%\\system32\\cryptsvc.dll,-1002"
"ObjectName"="NT Authority\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\cryptsvc\Parameters]
"ServiceMain"="CryptServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\cryptsvc\Security]
"Security"=hex:00,00,0e,00,01
 
================== Result for "WinDefend" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinDefend\Security]
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinDefend\TriggerInfo]
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
 
================== Result for "LanmanServer" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer]
"DisplayName"="@%systemroot%\\system32\\srvsvc.dll,-100"
"Description"="@%systemroot%\\system32\\srvsvc.dll,-101"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):53,00,61,00,6d,00,53,00,53,00,00,00,53,00,72,00,76,00,\
  00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\Aliases]
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\AutotunedParameters]
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\DefaultSecurity]
"AnonymousDescriptorsUpgraded"=dword:00000001
"PreviousAnonymousRestriction"=dword:00000000
"SessionSecurityDescriptorRegenerated"=dword:00000001
"InteractiveDescriptorsRegenerated"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\Linkage]
  34,00,31,00,45,00,44,00,2d,00,41,00,34,00,34,00,44,00,2d,00,42,00,44,00,30,\
  00,46,00,32,00,38,00,38,00,32,00,43,00,31,00,35,00,44,00,7d,00,22,00,00,00,\
  22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,42,00,43,\
  00,39,00,32,00,36,00,42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,00,2d,00,\
  34,00,34,00,33,00,39,00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,35,00,33,\
  00,30,00,46,00,33,00,41,00,32,00,34,00,44,00,42,00,30,00,7d,00,22,00,00,00,\
  22,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,22,00,00,\
  00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,\
  69,00,70,00,22,00,20,00,22,00,7b,00,32,00,35,00,31,00,35,00,36,00,45,00,30,\
  00,34,00,2d,00,46,00,45,00,32,00,45,00,2d,00,34,00,32,00,32,00,35,00,2d,00,\
  39,00,46,00,31,00,31,00,2d,00,31,00,30,00,43,00,34,00,36,00,31,00,36,00,41,\
  00,43,00,42,00,30,00,43,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,\
  54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,\
  00,36,00,42,00,32,00,42,00,37,00,37,00,44,00,32,00,2d,00,43,00,39,00,37,00,\
  46,00,2d,00,34,00,34,00,34,00,37,00,2d,00,39,00,34,00,34,00,41,00,2d,00,32,\
  00,31,00,36,00,35,00,41,00,45,00,38,00,33,00,30,00,45,00,32,00,46,00,7d,00,\
  22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,\
  00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,42,00,43,00,39,00,32,00,36,00,\
  42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,00,2d,00,34,00,34,00,33,00,39,\
  00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,35,00,33,00,30,00,46,00,33,00,\
  41,00,32,00,34,00,44,00,42,00,30,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,\
  00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,\
  20,00,22,00,7b,00,35,00,33,00,35,00,30,00,46,00,38,00,41,00,45,00,2d,00,39,\
  00,39,00,34,00,43,00,2d,00,34,00,35,00,39,00,30,00,2d,00,41,00,39,00,45,00,\
  45,00,2d,00,43,00,43,00,46,00,45,00,41,00,34,00,45,00,41,00,33,00,34,00,33,\
  00,32,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,\
  22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,43,00,42,\
  00,39,00,42,00,38,00,30,00,34,00,45,00,2d,00,42,00,31,00,35,00,42,00,2d,00,\
  34,00,31,00,46,00,41,00,2d,00,39,00,34,00,46,00,42,00,2d,00,39,00,45,00,36,\
  00,45,00,45,00,35,00,45,00,31,00,45,00,33,00,34,00,36,00,7d,00,22,00,00,00,\
  22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,\
  00,70,00,36,00,22,00,20,00,22,00,7b,00,32,00,35,00,31,00,35,00,36,00,45,00,\
  30,00,34,00,2d,00,46,00,45,00,32,00,45,00,2d,00,34,00,32,00,32,00,35,00,2d,\
  00,39,00,46,00,31,00,31,00,2d,00,31,00,30,00,43,00,34,00,36,00,31,00,36,00,\
  41,00,43,00,42,00,30,00,43,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,\
  00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,\
  22,00,7b,00,36,00,42,00,32,00,42,00,37,00,37,00,44,00,32,00,2d,00,43,00,39,\
  00,37,00,46,00,2d,00,34,00,34,00,34,00,37,00,2d,00,39,00,34,00,34,00,41,00,\
  2d,00,32,00,31,00,36,00,35,00,41,00,45,00,38,00,33,00,30,00,45,00,32,00,46,\
  00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,\
  54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,35,00,34,00,36,\
  00,44,00,41,00,33,00,36,00,30,00,2d,00,30,00,43,00,31,00,33,00,2d,00,34,00,\
  31,00,45,00,44,00,2d,00,41,00,34,00,34,00,44,00,2d,00,42,00,44,00,30,00,46,\
  00,32,00,38,00,38,00,32,00,43,00,31,00,35,00,44,00,7d,00,22,00,00,00,22,00,\
  4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,\
  00,36,00,22,00,20,00,22,00,7b,00,42,00,43,00,39,00,32,00,36,00,42,00,37,00,\
  39,00,2d,00,46,00,36,00,32,00,42,00,2d,00,34,00,34,00,33,00,39,00,2d,00,39,\
  00,39,00,44,00,39,00,2d,00,35,00,35,00,33,00,30,00,46,00,33,00,41,00,32,00,\
  34,00,44,00,42,00,30,00,7d,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,\
  00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,53,00,6d,00,\
  62,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,32,00,35,00,31,00,35,\
  00,36,00,45,00,30,00,34,00,2d,00,46,00,45,00,32,00,45,00,2d,00,34,00,32,00,\
  32,00,35,00,2d,00,39,00,46,00,31,00,31,00,2d,00,31,00,30,00,43,00,34,00,36,\
  00,31,00,36,00,41,00,43,00,42,00,30,00,43,00,7d,00,00,00,5c,00,44,00,65,00,\
  76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,\
  00,72,00,76,00,65,00,72,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,\
  69,00,70,00,5f,00,7b,00,36,00,42,00,32,00,42,00,37,00,37,00,44,00,32,00,2d,\
  00,43,00,39,00,37,00,46,00,2d,00,34,00,34,00,34,00,37,00,2d,00,39,00,34,00,\
  34,00,41,00,2d,00,32,00,31,00,36,00,35,00,41,00,45,00,38,00,33,00,30,00,45,\
  00,32,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
  4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,\
  00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,42,00,\
  43,00,39,00,32,00,36,00,42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,00,2d,\
  00,34,00,34,00,33,00,39,00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,35,00,\
  33,00,30,00,46,00,33,00,41,00,32,00,34,00,44,00,42,00,30,00,7d,00,00,00,5c,\
  00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,\
  6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,53,00,6d,00,62,00,5f,00,54,\
  00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,35,00,33,00,35,00,30,00,46,00,\
  38,00,41,00,45,00,2d,00,39,00,39,00,34,00,43,00,2d,00,34,00,35,00,39,00,30,\
  00,2d,00,41,00,39,00,45,00,45,00,2d,00,43,00,43,00,46,00,45,00,41,00,34,00,\
  45,00,41,00,33,00,34,00,33,00,32,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
  00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,\
  00,36,00,5f,00,7b,00,43,00,42,00,39,00,42,00,38,00,30,00,34,00,45,00,2d,00,\
  42,00,31,00,35,00,42,00,2d,00,34,00,31,00,46,00,41,00,2d,00,39,00,34,00,46,\
  00,42,00,2d,00,39,00,45,00,36,00,45,00,45,00,35,00,45,00,31,00,45,00,33,00,\
  34,00,36,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,\
  00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,\
  53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,32,\
  00,35,00,31,00,35,00,36,00,45,00,30,00,34,00,2d,00,46,00,45,00,32,00,45,00,\
  2d,00,34,00,32,00,32,00,35,00,2d,00,39,00,46,00,31,00,31,00,2d,00,31,00,30,\
  00,43,00,34,00,36,00,31,00,36,00,41,00,43,00,42,00,30,00,43,00,7d,00,00,00,\
  5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,\
  00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,53,00,6d,00,62,00,5f,00,\
  54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,36,00,42,00,32,00,42,00,37,\
  00,37,00,44,00,32,00,2d,00,43,00,39,00,37,00,46,00,2d,00,34,00,34,00,34,00,\
  37,00,2d,00,39,00,34,00,34,00,41,00,2d,00,32,00,31,00,36,00,35,00,41,00,45,\
  00,38,00,33,00,30,00,45,00,32,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,\
  69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,\
  00,76,00,65,00,72,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,\
  70,00,36,00,5f,00,7b,00,35,00,34,00,36,00,44,00,41,00,33,00,36,00,30,00,2d,\
  00,30,00,43,00,31,00,33,00,2d,00,34,00,31,00,45,00,44,00,2d,00,41,00,34,00,\
  34,00,44,00,2d,00,42,00,44,00,30,00,46,00,32,00,38,00,38,00,32,00,43,00,31,\
  00,35,00,44,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
  4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,\
  00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,\
  42,00,43,00,39,00,32,00,36,00,42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,\
  00,2d,00,34,00,34,00,33,00,39,00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,\
  35,00,33,00,30,00,46,00,33,00,41,00,32,00,34,00,44,00,42,00,30,00,7d,00,00,\
  00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,\
  61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,54,00,63,00,70,00,69,\
  00,70,00,5f,00,7b,00,32,00,35,00,31,00,35,00,36,00,45,00,30,00,34,00,2d,00,\
  46,00,45,00,32,00,45,00,2d,00,34,00,32,00,32,00,35,00,2d,00,39,00,46,00,31,\
  00,31,00,2d,00,31,00,30,00,43,00,34,00,36,00,31,00,36,00,41,00,43,00,42,00,\
  30,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,\
  00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,\
  54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,36,00,42,00,32,00,42,00,37,00,37,\
  00,44,00,32,00,2d,00,43,00,39,00,37,00,46,00,2d,00,34,00,34,00,34,00,37,00,\
  2d,00,39,00,34,00,34,00,41,00,2d,00,32,00,31,00,36,00,35,00,41,00,45,00,38,\
  00,33,00,30,00,45,00,32,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
  63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,\
  00,65,00,72,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,42,00,43,00,\
  39,00,32,00,36,00,42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,00,2d,00,34,\
  00,34,00,33,00,39,00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,35,00,33,00,\
  30,00,46,00,33,00,41,00,32,00,34,00,44,00,42,00,30,00,7d,00,00,00,5c,00,44,\
  00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,\
  53,00,65,00,72,00,76,00,65,00,72,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,\
  00,5f,00,7b,00,35,00,33,00,35,00,30,00,46,00,38,00,41,00,45,00,2d,00,39,00,\
  39,00,34,00,43,00,2d,00,34,00,35,00,39,00,30,00,2d,00,41,00,39,00,45,00,45,\
  00,2d,00,43,00,43,00,46,00,45,00,41,00,34,00,45,00,41,00,33,00,34,00,33,00,\
  32,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,\
  00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,54,00,\
  63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,43,00,42,00,39,00,42,00,38,00,30,\
  00,34,00,45,00,2d,00,42,00,31,00,35,00,42,00,2d,00,34,00,31,00,46,00,41,00,\
  2d,00,39,00,34,00,46,00,42,00,2d,00,39,00,45,00,36,00,45,00,45,00,35,00,45,\
  00,31,00,45,00,33,00,34,00,36,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
  63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,\
  00,65,00,72,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,32,00,\
  35,00,31,00,35,00,36,00,45,00,30,00,34,00,2d,00,46,00,45,00,32,00,45,00,2d,\
  00,34,00,32,00,32,00,35,00,2d,00,39,00,46,00,31,00,31,00,2d,00,31,00,30,00,\
  43,00,34,00,36,00,31,00,36,00,41,00,43,00,42,00,30,00,43,00,7d,00,00,00,5c,\
  00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,\
  6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,54,00,63,00,70,00,69,00,70,\
  00,36,00,5f,00,7b,00,36,00,42,00,32,00,42,00,37,00,37,00,44,00,32,00,2d,00,\
  43,00,39,00,37,00,46,00,2d,00,34,00,34,00,34,00,37,00,2d,00,39,00,34,00,34,\
  00,41,00,2d,00,32,00,31,00,36,00,35,00,41,00,45,00,38,00,33,00,30,00,45,00,\
  32,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,\
  00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,\
  54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,35,00,34,00,36,00,44,00,41,\
  00,33,00,36,00,30,00,2d,00,30,00,43,00,31,00,33,00,2d,00,34,00,31,00,45,00,\
  44,00,2d,00,41,00,34,00,34,00,44,00,2d,00,42,00,44,00,30,00,46,00,32,00,38,\
  00,38,00,32,00,43,00,31,00,35,00,44,00,7d,00,00,00,5c,00,44,00,65,00,76,00,\
  69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,\
  00,76,00,65,00,72,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,\
  42,00,43,00,39,00,32,00,36,00,42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,\
  00,2d,00,34,00,34,00,33,00,39,00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,\
  35,00,33,00,30,00,46,00,33,00,41,00,32,00,34,00,44,00,42,00,30,00,7d,00,00,\
  00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,\
  61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,4e,00,65,00,74,00,62,\
  00,69,00,6f,00,73,00,53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
  63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,\
  00,65,00,72,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,\
  69,00,70,00,5f,00,7b,00,32,00,35,00,31,00,35,00,36,00,45,00,30,00,34,00,2d,\
  00,46,00,45,00,32,00,45,00,2d,00,34,00,32,00,32,00,35,00,2d,00,39,00,46,00,\
  31,00,31,00,2d,00,31,00,30,00,43,00,34,00,36,00,31,00,36,00,41,00,43,00,42,\
  00,30,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
  4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,\
  00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,\
  7b,00,36,00,42,00,32,00,42,00,37,00,37,00,44,00,32,00,2d,00,43,00,39,00,37,\
  00,46,00,2d,00,34,00,34,00,34,00,37,00,2d,00,39,00,34,00,34,00,41,00,2d,00,\
  32,00,31,00,36,00,35,00,41,00,45,00,38,00,33,00,30,00,45,00,32,00,46,00,7d,\
  00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,\
  6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,4e,00,65,00,74,\
  00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,42,00,43,00,\
  39,00,32,00,36,00,42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,00,2d,00,34,\
  00,34,00,33,00,39,00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,35,00,33,00,\
  30,00,46,00,33,00,41,00,32,00,34,00,44,00,42,00,30,00,7d,00,00,00,5c,00,44,\
  00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,\
  53,00,65,00,72,00,76,00,65,00,72,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,\
  00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,35,00,33,00,35,00,30,00,\
  46,00,38,00,41,00,45,00,2d,00,39,00,39,00,34,00,43,00,2d,00,34,00,35,00,39,\
  00,30,00,2d,00,41,00,39,00,45,00,45,00,2d,00,43,00,43,00,46,00,45,00,41,00,\
  34,00,45,00,41,00,33,00,34,00,33,00,32,00,7d,00,00,00,5c,00,44,00,65,00,76,\
  00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,\
  72,00,76,00,65,00,72,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,\
  00,70,00,69,00,70,00,36,00,5f,00,7b,00,43,00,42,00,39,00,42,00,38,00,30,00,\
  34,00,45,00,2d,00,42,00,31,00,35,00,42,00,2d,00,34,00,31,00,46,00,41,00,2d,\
  00,39,00,34,00,46,00,42,00,2d,00,39,00,45,00,36,00,45,00,45,00,35,00,45,00,\
  31,00,45,00,33,00,34,00,36,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,\
  00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,\
  65,00,72,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,\
  00,70,00,36,00,5f,00,7b,00,32,00,35,00,31,00,35,00,36,00,45,00,30,00,34,00,\
  2d,00,46,00,45,00,32,00,45,00,2d,00,34,00,32,00,32,00,35,00,2d,00,39,00,46,\
  00,31,00,31,00,2d,00,31,00,30,00,43,00,34,00,36,00,31,00,36,00,41,00,43,00,\
  42,00,30,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
  00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,\
  5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,\
  00,5f,00,7b,00,36,00,42,00,32,00,42,00,37,00,37,00,44,00,32,00,2d,00,43,00,\
  39,00,37,00,46,00,2d,00,34,00,34,00,34,00,37,00,2d,00,39,00,34,00,34,00,41,\
  00,2d,00,32,00,31,00,36,00,35,00,41,00,45,00,38,00,33,00,30,00,45,00,32,00,\
  46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,\
  00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,4e,00,\
  65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,\
  00,35,00,34,00,36,00,44,00,41,00,33,00,36,00,30,00,2d,00,30,00,43,00,31,00,\
  33,00,2d,00,34,00,31,00,45,00,44,00,2d,00,41,00,34,00,34,00,44,00,2d,00,42,\
  00,44,00,30,00,46,00,32,00,38,00,38,00,32,00,43,00,31,00,35,00,44,00,7d,00,\
  00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,\
  00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,5f,00,4e,00,65,00,74,00,\
  42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,42,00,43,\
  00,39,00,32,00,36,00,42,00,37,00,39,00,2d,00,46,00,36,00,32,00,42,00,2d,00,\
  34,00,34,00,33,00,39,00,2d,00,39,00,39,00,44,00,39,00,2d,00,35,00,35,00,33,\
  00,30,00,46,00,33,00,41,00,32,00,34,00,44,00,42,00,30,00,7d,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  73,00,72,00,76,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"EnableAuthenticateUserSharing"=dword:00000000
"NullSessionPipes"=hex(7):00,00
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"restrictnullsessaccess"=dword:00000001
"Lmannounce"=dword:00000000
"Size"=dword:00000003
"AdjustedNullSessionPipes"=dword:00000003
"SizReqBuf"=dword:00004000
"Guid"=hex:a5,54,81,c7,de,c3,ee,44,b0,68,fd,c7,a0,c0,58,3d
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\ShareProviders]
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\Shares]
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanServer\Shares\Security]
 
================== Result for "SENS" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\SENS]
"DisplayName"="@%SystemRoot%\\system32\\Sens.dll,-200"
"Group"="ProfSvc_Group"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\Sens.dll,-201"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\
  65,00,6d,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\SENS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  73,00,65,00,6e,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="ServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\SENS\Security]
 
================== Result for "cryptsvc.dll" ==================
 
 
 
================== End Of Export =============

Farbar Service Scanner Version: 02-02-2014
Ran by Manj (administrator) on 15-02-2014 at 09:12:16
Microsoft Windows 7 Ultimate   (X64)
 
************************************************
======== Search: "MpsSvc;wscsvc;wuauserv;cryptsvc;WinDefend;LanmanServer;SENS;cryptsvc.dll" =========
 
C:\Windows\System32\cryptsvc.dll
[2009-07-13 18:49] - [2009-07-13 20:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384
 
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2009-07-13 18:33] - [2009-07-13 20:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4
 
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009-07-13 18:49] - [2009-07-13 20:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384
 
C:\Windows\SysWOW64\cryptsvc.dll
[2009-07-13 18:33] - [2009-07-13 20:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4
 
====== End Of Search ======


#9 infamousm

Posted 15 February 2014 - 09:18 AM

Farbar Service Scanner Version: 02-02-2014
Ran by Manj (administrator) on 15-02-2014 at 09:12:16
Microsoft Windows 7 Ultimate   (X64)
 
************************************************
======== Search: "MpsSvc;wscsvc;wuauserv;cryptsvc;WinDefend;LanmanServer;SENS;cryptsvc.dll" =========
 
C:\Windows\System32\cryptsvc.dll
[2009-07-13 18:49] - [2009-07-13 20:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384
 
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2009-07-13 18:33] - [2009-07-13 20:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4
 
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009-07-13 18:49] - [2009-07-13 20:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384
 
C:\Windows\SysWOW64\cryptsvc.dll
[2009-07-13 18:33] - [2009-07-13 20:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4
 
====== End Of Search ======


#10 Sirawit

Posted 15 February 2014 - 10:07 AM

Please be patient since this log will take some time to analyze.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#11 Sirawit

Posted 16 February 2014 - 07:43 AM

I need some more information.

 

Please open Farbar Service Scanner again, now copy the following text into the "search" box:

RpcSs;RpcEptMapper;DCOMLaunch

Then click "Export Service" and wait, post the report here.

 

Thank you.




#12 infamousm


Posted 16 February 2014 - 07:56 AM

Farbar Service Scanner Version: 02-02-2014
Ran by Manj (administrator) on 16-02-2014 at 07:56:26
Microsoft Windows 7 Ultimate   (X64)
 
************************************************
======== Search: "RpcSs;RpcEptMapper;DCOMLaunch" =========
 
====== End Of Search ======


#13 Sirawit


Posted 16 February 2014 - 08:13 AM

Please click on "Export services" not "search". :)

 

Thank you.




#14 infamousm


Posted 16 February 2014 - 09:34 AM

Sorry xD

 

Note: The export is in "Windows Registry Editor Version 5.00" format.
 
================== Result for "RpcSs" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RpcSs]
"DisplayName"="@oleres.dll,-5010"
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,72,00,70,00,63,00,73,00,73,00,00,00
"Description"="@oleres.dll,-5011"
"ObjectName"="NT AUTHORITY\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,45,00,70,00,74,00,4d,00,61,00,70,00,\
  70,00,65,00,72,00,00,00,44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,\
  00,68,00,00,00,00,00
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
  00,02,00,00,00,60,ea,00,00
"ServiceSidType"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RpcSs\Security]
 
================== Result for "RpcEptMapper" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RpcEptMapper]
"DisplayName"="@%windir%\\system32\\RpcEpMap.dll,-1001"
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,52,00,50,00,43,00,53,00,53,00,00,00
"Description"="@%windir%\\system32\\RpcEpMap.dll,-1002"
"ObjectName"="NT AUTHORITY\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RpcEptMapper\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  52,00,70,00,63,00,45,00,70,00,4d,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
  00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RpcEptMapper\Security]
 
================== Result for "DCOMLaunch" ==================
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\DCOMLaunch]
"DisplayName"="@oleres.dll,-5012"
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,00,00,\
  00
"Description"="@oleres.dll,-5013"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
  00,02,00,00,00,60,ea,00,00
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
  00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
  00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
  00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
  00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
  6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
  75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,\
  65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\DCOMLaunch\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\DCOMLaunch\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,85,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,14,00,ff,00,0e,00,01,01,00,00,00,00,00,05,12,00,00,00,\
  00,00,18,00,fd,00,0e,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,\
  00,18,00,85,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
 
 
 
================== End Of Export =============


#15 Sirawit


Posted 16 February 2014 - 01:19 PM

So, can you try these options if possible?

 

:step1: Boot into safe mode by clicking on the F8 button when the computer is booting (before "Starting Windows" appears on the screen) and select "Safe Mode".

Did the freeze occur there too?

 

:step2: If possible, uninstall Nexon Game Manager and check whether the problem occurs or not.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.




