
If Freedom Is Outlawed Only Outlaws Will Have Freedom


  • This topic is locked
12 replies to this topic

#1 alcastive

alcastive

  • Members
  • 58 posts
  • Gender:Male
  • Location:Lebanon
  • Local time:05:40 AM

Posted 14 June 2007 - 08:10 AM

Hey Guys
I'm A Newbie In Here And I Need Some Help, I Had Some Kind Of A Hijacker Recently In My Network
The Infection Doesn't Allow Me To Explore Or Edit The Registry Neither The Task Manager, Also It Doesn't Allow Me To Access My Drives C, D.. I Have To Do A "Right Click" And Then Explore, But When Doing A "Right Click" Two Messages Appear The First One Is "If Freedom Is Outlawed, Only Outlaws Will Have Freedom" And The Second One Is "Just A Game"
This Kind Of A Malware Came From A USB, So Now Every USB Plugged In My Network Will Be Infected, The Infection Also Creates 2 Hidden Files That Cannot Be Removed With Any Software, It's "System.com" And "Recycler.com"
I Used The Most Popular Anti Viruses AVG, Norton(Also Corporate), McAfee, NOD32, Kaspersky,
Also These Anti Spywares And Anti Malwares/Trojans:
Spyware Doctor, AVG Anti Spyware, Spybot, Registry Mechanic/Cleaner, Trojan Hunter... And Many, None Could Remove It
I Hope That I Can Get Help With This Problem, I Think That There Is No Anti Spyware/Virus That Can Remove This, Maybe A Removal Tool.

Thank You For Your Time And Help In Advance

Edited by alcastive, 14 June 2007 - 10:03 AM.




#2 buddy215

buddy215

  • Moderator
  • 13,260 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:40 PM

Posted 14 June 2007 - 02:24 PM

Post a Hijack This log in the Hijack This Forum by following the directions in the link below.
DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 alcastive

alcastive
  • Topic Starter

  • Members
  • 58 posts
  • Gender:Male
  • Location:Lebanon
  • Local time:05:40 AM

Posted 15 June 2007 - 12:55 AM

And What Is The Hijack This Forum :thumbsup:
Sorry I Don't Know About That Program, I Downloaded It From Another Source And Scanned My PC

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 15 June 2007 - 01:02 AM

HijackThis Forum.

Read through the link given in buddy215's post and it will give you all the info you need.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 alcastive

alcastive
  • Topic Starter

  • Members
  • 58 posts
  • Gender:Male
  • Location:Lebanon
  • Local time:05:40 AM

Posted 15 June 2007 - 01:04 AM

Thank You Guys

I Will

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:12:40 PM

Posted 15 June 2007 - 01:12 AM

You're welcome. I hope everything gets sorted out. Just remember that the helpers in the HijackThis forum are very busy and it may take a few days for someone to get to you. Be patient.

#7 marwov

marwov

  • Members
  • 7 posts
  • Local time:09:40 PM

Posted 20 June 2007 - 04:02 AM

Hey, I am facing the same problem, as follows:
I Had Some Kind Of A Hijacker Recently In My Network
The Infection Doesn't Allow Me To Explore Or Edit The Registry Neither The Task Manager, Also It Doesn't Allow Me To Access My Drives C, D.. I Have To Do A "Right Click" And Then Explore, But When Doing A "Right Click" Two Messages Appear The First One Is "If Freedom Is Outlawed, Only Outlaws Will Have Freedom" And The Second One Is "Just A Game"
This Kind Of A Malware Came From A USB, So Now Every USB Plugged In My Network Will Be Infected, The Infection Also Creates 2 Hidden Files That Cannot Be Removed With Any Software, It's "System.com" And "Recycler.com"
I Used The Most Popular Anti Viruses AVG, Norton(Also Corporate), McAfee, NOD32, Kaspersky,
Also These Anti Spywares And Anti Malwares/Trojans:
Spyware Doctor, AVG Anti Spyware, Spybot, Registry Mechanic/Cleaner, Trojan Hunter... And Many, None Could Remove It
I Hope That I Can Get Help With This Problem, I Think That There Is No Anti Spyware/Virus That Can Remove This, Maybe A Removal Tool.

Thank You For Your Time And Help In Advance

Here's the HijackThis:
WinPFind3 logfile created on: 6/19/2007 7:16:04 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Chaaya\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

767.48 Mb Total Physical Memory | 481.70 Mb Available Physical Memory | 62.76% Memory free
1.83 Gb Paging File | 1.57 Gb Available in Paging File | 85.55% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 24.22 Gb Free Space | 64.98% Space Free
D: Drive not present or media not loaded
Drive E: | 18.99 Gb Total Space | 18.80 Gb Free Space | 99.01% Space Free
F: Drive not present or media not loaded

Computer Name: SANHARIB
Current User Name: Chaaya
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.0.163.0 | Size = 554600 bytes | Modified Date = 7/24/2006 2:49:34 PM | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 1 | Size = 222208 bytes | Modified Date = 11/8/2006 1:27:54 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 562800 bytes | Modified Date = 7/22/2006 10:31:02 PM | Attr = ]
mclogsrv.exe -> %ProgramFiles%\McAfee\MSC\mclogsrv.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 178800 bytes | Modified Date = 7/22/2006 10:32:06 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,0,176,0 | Size = 2135592 bytes | Modified Date = 7/21/2006 5:30:50 PM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,0,201,0 | Size = 353872 bytes | Modified Date = 7/14/2006 9:38:12 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 473200 bytes | Modified Date = 7/22/2006 10:31:30 PM | Attr = ]
mcregist.exe -> %ProgramFiles%\McAfee\MSC\mcregist.exe -> McAfee, Inc. [Ver = 5,0,154,0 | Size = 484904 bytes | Modified Date = 7/27/2006 3:59:16 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = 13.2.0.178 | Size = 140864 bytes | Modified Date = 7/14/2006 12:08:42 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,0,281,0 | Size = 624208 bytes | Modified Date = 7/14/2006 3:42:20 PM | Attr = ]
mctskshd.exe -> %ProgramFiles%\McAfee\MSC\mctskshd.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 189552 bytes | Modified Date = 7/22/2006 10:31:48 PM | Attr = ]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 254576 bytes | Modified Date = 7/22/2006 10:31:52 PM | Attr = ]
mcupdmgr.exe -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 665200 bytes | Modified Date = 7/22/2006 10:32:14 PM | Attr = ]
mcusrmgr.exe -> %ProgramFiles%\McAfee\MSC\mcusrmgr.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 304752 bytes | Modified Date = 7/22/2006 10:31:58 PM | Attr = ]
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 11,0,205,0 | Size = 374352 bytes | Modified Date = 7/18/2006 5:19:42 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.0.198.0 | Size = 804392 bytes | Modified Date = 7/25/2006 11:01:02 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 10:57:00 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3249 | Size = 180269 bytes | Modified Date = 3/11/2007 12:54:52 AM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/7/2005 10:54:00 PM | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 2:21:10 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 7/24/2006 1:28:22 PM | Attr = ]
sqlserv.exe -> %AllUsersAppData%\sqlserv.exe -> [Ver = | Size = 196701 bytes | Modified Date = 2/22/2007 11:20:12 AM | Attr = HS]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.2 | Size = 212992 bytes | Modified Date = 6/4/2004 8:54:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,0,170,0 | Size = 341584 bytes | Modified Date = 7/22/2006 3:06:16 PM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.0.163.0 | Size = 554600 bytes | Modified Date = 7/24/2006 2:49:34 PM | Attr = ]
(McLogManagerService) McAfee Log Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mclogsrv.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 178800 bytes | Modified Date = 7/22/2006 10:32:06 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 665200 bytes | Modified Date = 7/22/2006 10:32:14 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,0,176,0 | Size = 2135592 bytes | Modified Date = 7/21/2006 5:30:50 PM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,0,201,0 | Size = 353872 bytes | Modified Date = 7/14/2006 9:38:12 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 473200 bytes | Modified Date = 7/22/2006 10:31:30 PM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,0,198,0 | Size = 231008 bytes | Modified Date = 7/16/2006 4:22:06 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,0,281,0 | Size = 624208 bytes | Modified Date = 7/14/2006 3:42:20 PM | Attr = ]
(mctskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mctskshd.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 189552 bytes | Modified Date = 7/22/2006 10:31:48 PM | Attr = ]
(mcusrmgr) McAfee User Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcusrmgr.exe -> McAfee, Inc. [Ver = 7,0,317,0 | Size = 304752 bytes | Modified Date = 7/22/2006 10:31:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.0.198.0 | Size = 804392 bytes | Modified Date = 7/25/2006 11:01:02 AM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/7/2005 10:54:00 PM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 11/6/2006 2:21:10 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(Aldebaran) Aldebaran - Storage Filter Drivers [Kernel | On_Demand | Stopped] -> %System32%\Drivers\Aldebaran.sys -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(ASPI32) ASPI32 [Kernel | System | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MagicTune) MagicTune [Kernel | On_Demand | Stopped] -> %System32%\drivers\MTictwl.sys -> [Ver = | Size = 13396 bytes | Modified Date = 10/21/2005 7:25:32 AM | Attr = ]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = 13.2.0.157 | Size = 84744 bytes | Modified Date = 7/8/2006 3:46:16 PM | Attr = ]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 33896 bytes | Modified Date = 7/14/2006 12:09:34 AM | Attr = ]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 161768 bytes | Modified Date = 7/14/2006 12:09:48 AM | Attr = ]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 31560 bytes | Modified Date = 7/14/2006 12:09:54 AM | Attr = ]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 37800 bytes | Modified Date = 7/14/2006 12:10:00 AM | Attr = ]
(MPFP) MPFP [Kernel | System | Running] -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.0.158.0 | Size = 104024 bytes | Modified Date = 7/17/2006 9:56:26 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 8:54:32 AM | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 8:54:32 AM | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 8:54:34 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:56 PM | Attr = ]
(nv4) nv4 [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141) | Size = 731648 bytes | Modified Date = 8/17/2001 5:50:26 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SiS7018) Service for AC'97 Sample Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Modified Date = 8/17/2001 5:20:16 AM | Attr = ]
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ]
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Modified Date = 8/3/2004 10:31:36 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 2:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> %System32%\drivers\TVicHW32.sys -> EnTech Taiwan [Ver = 1.0 | Size = 24656 bytes | Modified Date = 8/14/2001 5:37:58 AM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(VICHW00) VICHW00 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\VICHW00.SYS -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(WmBEnum) Logitech Virtual Bus Enumerator Driver [Kernel | On_Demand | Running] -> %System32%\drivers\WmBEnum.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 10144 bytes | Modified Date = 4/14/2004 11:08:00 AM | Attr = ]
(WmFilter) Logitech WingMan HID Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WmFilter.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 21280 bytes | Modified Date = 4/14/2004 11:08:00 AM | Attr = ]
(WmVirHid) Logitech Virtual Hid Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WmVirHid.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 5600 bytes | Modified Date = 4/14/2004 11:08:00 AM | Attr = ]
(WmXlCore) Logitech WingMan Translation Layer Driver [Kernel | On_Demand | Running] -> %System32%\drivers\WmXlCore.sys -> Logitech Inc. [Ver = 4.40.130 | Size = 44064 bytes | Modified Date = 4/14/2004 11:08:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 4/13/2006 11:09:00 AM | Attr = ]
MS32DLL -> %SystemRoot%\MS32DLL.dll.vbs -> [Ver = | Size = 3754 bytes | Modified Date = 6/2/2007 2:00:28 AM | Attr = RHS]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 1 | Size = 222208 bytes | Modified Date = 11/8/2006 1:27:54 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 10:57:00 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3249 | Size = 180269 bytes | Modified Date = 3/11/2007 12:54:52 AM | Attr = ]
userd -> %SystemRoot%\RECYCLER\systems.com -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sqlserv -> %AllUsersAppData%\sqlserv.exe -> [Ver = | Size = 196701 bytes | Modified Date = 2/22/2007 11:20:12 AM | Attr = HS]
Tok-Cirrhatus -> %LocalAppData%\smss.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.2 | Size = 212992 bytes | Modified Date = 6/4/2004 8:54:00 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
taskmger.com -> taskmger.com -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskmgr -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoFolderOptions -> 1 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 960664 bytes | Modified Date = 7/24/2006 1:27:42 PM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\virusscan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = 13.2.0.178 | Size = 67136 bytes | Modified Date = 7/14/2006 12:10:34 AM | Attr = ]
{A5366673-E8CA-11D3-9CD9-0090271D075B} [HKLM] -> %ProgramFiles%\FlashGet\Jccatch.dll [IeCatch2 Class] -> Amaze Soft [Ver = 1, 1, 4, 0 | Size = 65536 bytes | Modified Date = 1/16/2002 7:12:18 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 2, 0, 114, 10 | Size = 720896 bytes | Modified Date = 5/21/2007 7:37:30 AM | Attr = R ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 960664 bytes | Modified Date = 7/24/2006 1:27:42 PM | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 2, 0, 114, 10 | Size = 720896 bytes | Modified Date = 5/21/2007 7:37:30 AM | Attr = R ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\fgiebar.dll [FlashGet Bar] -> Amaze Soft [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Modified Date = 5/27/2002 3:17:56 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 2, 0, 114, 10 | Size = 720896 bytes | Modified Date = 5/21/2007 7:37:30 AM | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> %ProgramFiles%\FlashGet\flashget.exe [ButtonText: FlashGet] -> Amaze Soft [Ver = 1, 6, 5, 0 | Size = 1482752 bytes | Modified Date = 9/1/2004 12:22:28 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmsearch.htm -> File not found
Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmcache.htm -> File not found
Download All by FlashGet -> %ProgramFiles%\FlashGet\jc_all.htm -> [Ver = | Size = 575 bytes | Modified Date = 2/6/2000 11:06:06 AM | Attr = ]
Download using FlashGet -> %ProgramFiles%\FlashGet\jc_link.htm -> [Ver = | Size = 1898 bytes | Modified Date = 2/6/2000 11:06:34 AM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmsimilar.htm -> File not found
Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmtrans.htm -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3C62E9D0-5D56-4272-889A-038794A2CFB8} -> (Windows Mobile-based Device) ->
{778F7F7D-9762-4C81-9CAC-7CC9D8A3DEF4} -> (Windows Mobile-based Device) ->
{B20DC2B4-85A6-402C-A179-535E16D27D1E} -> (SiS 900 PCI Fast Ethernet Adapter) ->
{CC39594C-3A98-4720-AB19-D9516D920AE5} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Registry - Additional Scans - All]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00020D75-0000-0000-C000-000000000046} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> Microsoft Corporation [Ver = 11.0.5510 | Size = 29240 bytes | Modified Date = 7/14/2003 10:41:54 PM | Attr = ]
{00022613-0000-0000-C000-000000000046} [HKLM] -> %System32%\mmsys.cpl [Multimedia File Property Sheet] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
{0006F045-0000-0000-C000-000000000046} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> Microsoft Corporation [Ver = 11.0.5510 | Size = 232512 bytes | Modified Date = 7/14/2003 10:46:42 PM | Attr = ]
{00BB2763-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft AutoComplete] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{00BB2764-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft History AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{00BB2765-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft Multiple AutoComplete List Container] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{01E04581-4EEE-11d0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{03C036F1-A186-11D0-824A-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Microsoft Shell Folder AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{07798131-AF23-11d1-9111-00A0C98BA67D} [HKLM] -> %System32%\browseui.dll [Web Search] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{08165EA0-E946-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheckWebCrawler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{0A89A860-D7B1-11CE-8350-444553540000} [HKLM] -> %System32%\shdocvw.dll [Shell Automation Inproc Service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{0B124F8F-91F0-11D1-B8B5-006008059382} [HKLM] -> %System32%\appwiz.cpl [Installed Apps Enumerator] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} [HKLM] -> %System32%\cabview.dll [.CAB file viewer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 84480 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{0D45D530-764B-11d0-A1CA-00AA00C16E65} [HKLM] -> %System32%\dsuiext.dll [Directory Property UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Droplist Combo Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{10CFC467-4392-11d2-8DB4-00C04FA31A66} [HKLM] -> %System32%\cscui.dll [Offline Files Folder Options] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{131A6951-7F78-11D0-A979-00C04FD705A2} [HKLM] -> %System32%\shdocvw.dll [ISFBand OC] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{143A62C8-C33B-11D1-84FE-00C04FA34A14} [HKLM] -> %SystemRoot%\msagent\agentpsh.dll [Microsoft Agent Character Property Sheet Handler] -> Microsoft Corporation [Ver = 2.00.0.3422 | Size = 24064 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Object Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} [HKLM] -> %System32%\browseui.dll [In-pane search] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{176d6597-26d3-11d1-b350-080036a75b03} [HKLM] -> %System32%\icmui.dll [ICM Scanner Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{1F2E5C40-9550-11CE-99D2-00AA006E086C} [HKLM] -> %System32%\rshx32.dll [NTFS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} [HKLM] -> %CommonProgramFiles%\System\Ole DB\oledb32.dll [Microsoft Data Link] -> Microsoft Corporation [Ver = 2.81.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 487424 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{22BF0C20-6DA7-11D0-B373-00A0C9034938} [HKLM] -> %System32%\browseui.dll [Download Status] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Search] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Run...] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Internet] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [E-mail] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Set Program Access and Defaults] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Time Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{30D02401-6A81-11d0-8274-00C04FD5AE38} [HKLM] -> %System32%\browseui.dll [Search Band] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{32714800-2E5F-11d0-8B85-00AA0044F941} [HKLM] -> %ProgramFiles%\Outlook Express\wabfind.dll [For &People...] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{352EC2B7-8B9A-11D1-B8AE-006008059382} [HKLM] -> %System32%\appwiz.cpl [Shell Application Manager] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url History Service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [HKLM] -> %System32%\browseui.dll [Shell DeskBarApp] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} [HKLM] -> %System32%\shdocvw.dll [The Internet] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} [HKLM] -> %System32%\docprop.dll [OLE Docfile Property Page] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46080 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{3F30C968-480A-4C6C-862D-EFC0897BB84B} [HKLM] -> %System32%\shimgvw.dll [GDI+ file thumbnail extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{3F953603-1008-4f6e-A73A-04AAC7A992F1} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} [HKLM] -> %System32%\shmedia.dll [Video Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} [HKLM] -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [PhoneBrowser] -> Nokia [Ver = 6, 82, 63, 9 | Size = 566784 bytes | Modified Date = 11/10/2006 9:29:30 AM | Attr = ]
{41E300E0-78B6-11ce-849B-444553540000} [HKLM] -> %System32%\themeui.dll [PlusPack CPL Extension] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 385536 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{42042206-2D85-11D3-8CFF-005004838597} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> Microsoft Corporation [Ver = 11.0.5510 | Size = 67128 bytes | Modified Date = 7/14/2003 10:52:58 PM | Attr = ]
{42071712-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\deskadp.dll [Display Adapter CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16384 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{42071713-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\deskmon.dll [Display Monitor CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16896 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\Wcesview.dll [Mobile Device] -> Microsoft Corporation [Ver = 4.2.4876.0 | Size = 248616 bytes | Modified Date = 6/26/2006 4:13:30 PM | Attr = ]
{4a7ded0a-ad25-11d0-98a8-0800361b1103} [HKLM] -> %System32%\mydocs.dll [MyDocs Properties] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{4E40F770-369C-11d0-8922-00A024AB2DBB} [HKLM] -> %System32%\dssec.dll [DS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51200 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} [HKLM] -> %System32%\slayerxp.dll [Compatibility Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{56117100-C0CD-101B-81E2-00AA004AE837} [HKLM] -> %System32%\shscrap.dll [Shell Scrap DataHandler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27648 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{58f1f272-9240-4f51-b6d4-fd63d1618591} [HKLM] -> %System32%\netplwiz.dll [Get a Passport Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{59099400-57FF-11CE-BD94-0020AF85B590} [HKLM] -> %System32%\diskcopy.dll [Disk Copy Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 1501696 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{596AB062-B4D2-4215-9F74-E9109B0A8153} [HKLM] -> %System32%\twext.dll [Previous Versions Property Page] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{59be4990-f85c-11ce-aff7-00aa003ca9f6} [HKLM] -> %System32%\ntlanui2.dll [Shell extensions for Microsoft Windows Network objects] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14336 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{5DB2625A-54DF-11D0-B6C4-0800091AA605} [HKLM] -> %System32%\icmui.dll [ICM Monitor Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{5E6AB780-7743-11CF-A12B-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft Internet Toolbar] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} [HKLM] -> %System32%\wuaucpl.cpl [Auto Update Property Sheet Extension] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162304 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
{60254CA5-953B-11CF-8C96-00AA00B8708C} [HKLM] -> %System32%\wshext.dll [Shell extensions for Windows Script Host] -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 65536 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{60fd46de-f830-4894-a628-6fa81bc0190d} [HKLM] -> %System32%\photowiz.dll [%DESC_PublishDropTarget%] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 176128 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{62AE1F9A-126A-11D0-A14B-0800361B1103} [HKLM] -> %System32%\dsuiext.dll [Directory Context Menu Verbs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{63da6ec0-2e98-11cf-8d82-444553540000} [HKLM] -> %System32%\msieftp.dll [FTP Folders Webview] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 248832 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{6413BA2C-B461-11d1-A18A-080036B11A03} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder 2] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} [HKLM] -> %System32%\shimgvw.dll [Shell Image Data Factory] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{6756A641-DE71-11d0-831B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [MRU AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{675F097E-4C4D-11D0-B6C1-0800091AA605} [HKLM] -> %System32%\icmui.dll [ICM Printer Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} [HKLM] -> %System32%\shdocvw.dll [CDF Extension Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} [HKLM] -> %System32%\extmgr.dll [Extensions Manager Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55808 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [HKLM] -> %System32%\browseui.dll [Custom MRU AutoCompleted List] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{6A205B57-2567-4A2C-B881-F787FAB579A3} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Calendar Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} [HKLM] -> %System32%\netplwiz.dll [Shell Publishing Wizard Object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{7007ACC7-3202-11D1-AAD2-00805FC1270E} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{7376D660-C583-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\browseui.dll [TridentImageExtractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{7444C717-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto PKO Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{7444C719-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto Sign Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files Menu] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{77597368-7b15-11d0-a0c2-080036af3f03} [HKLM] -> %System32%\printui.dll [Web Printer Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 560640 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{7988B573-EC89-11cf-9C00-00AA00A14F56} [HKLM] -> %System32%\dskquoui.dll [Disk Quota UI] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 144384 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} [HKLM] -> %System32%\mmcshext.dll [MMC Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7BA4C742-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft BrowserBand] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\shdocvw.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\shdocvw.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} [HKLM] -> %System32%\webcheck.dll [Code Download Agent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{7e653215-fa25-46bd-a339-34a2790f3cb7} [HKLM] -> %System32%\browseui.dll [Accessible] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheck SyncMgr Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{83bbcbf3-b28a-4919-a5aa-73027445d672} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{85BBD920-42A0-1069-A2E4-08002B30309D} [HKLM] -> %System32%\syncui.dll [Briefcase] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 191488 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{871C5380-42A0-1069-A2EA-08002B30309D} [HKLM] -> %System32%\shdocvw.dll [Internet Name Space] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} [HKLM] -> %System32%\shmedia.dll [Audio Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} [HKLM] -> %System32%\shmedia.dll [Avi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{883373C3-BF89-11D1-BE35-080036B11A03} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Shell Ext] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder SendTo Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{88C6C381-2E85-11D0-94DE-444553540000} [HKLM] -> %System32%\occache.dll [ActiveX Cache Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 96256 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Query UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{8DD448E6-C188-4aed-AF92-44956194EB1F} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Play as Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 9.00.00.3409 | Size = 102400 bytes | Modified Date = 3/26/2004 7:07:20 AM | Attr = ]
{8EE97210-FD1F-4B19-91DA-67914005F020} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace ML Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{905667aa-acd6-11d2-8080-00805f6596d2} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{91EA3F8B-C99B-11d0-9815-00C04FD91972} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{9461b922-3c5a-11d2-bf8b-00c04fb93661} [HKLM] -> %System32%\shdocvw.dll [Search Assistant OC] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{992CFFA0-F557-101A-88EC-00DD010CCC48} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{9DB7A13C-F208-4981-8353-73CC61AE2783} [HKLM] -> %System32%\twext.dll [Previous Versions] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} [HKLM] -> %System32%\shimgvw.dll [Summary Info Thumbnail handler (DOCFILES)] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} [HKLM] -> %System32%\dsquery.dll [Shell properties for a DS object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{A08C11D2-A228-11d0-825B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Address EditBox] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\shdocvw.dll [IE4 Suite Splash Screen] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [HKLM] -> %System32%\shdocvw.dll [Microsoft Browser Architecture] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} [HKLM] -> %System32%\shmedia.dll [Midi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [Subscription Mgr] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{ACBA0BA3-ACED-4E02-9221-794F7588DD9C} [HKLM] -> %ProgramFiles%\LitexMedia\All To MP3 Converter\MP3ShellExt.dll [All To MP3 Converter] -> [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 11/14/2005 6:56:34 PM | Attr = ]
{acf35015-526e-4230-9596-becbe19f0ac9} [HKLM] -> %System32%\browseui.dll [Track Popup Bar] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{add36aa8-751a-4579-a266-d66f5202ccbb} [HKLM] -> %System32%\netplwiz.dll [Print Ordering via the Web] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{AF4F6510-F982-11d0-8595-00AA004CD6D8} [HKLM] -> %System32%\browseui.dll [Registry Tree Options Utility] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [HKLM] -> %System32%\cscui.dll [Offline Files Folder] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{BD472F60-27FA-11cf-B8B4-444553540000} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder Right Drag Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{BD84B380-8CA2-1069-AB1D-08000948F534} [HKLM] -> %System32%\fontext.dll [Fonts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382976 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 1292872 bytes | Modified Date = 7/11/2003 2:15:48 AM | Attr = ]
{c5a40261-cd64-4ccf-84cb-c394da41d590} [HKLM] -> %System32%\shmedia.dll [Video Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{cb004f18-1fd5-431a-9dbb-62db408a1104} [HKLM] -> %ProgramFiles%\WMA To MP3 Encoder\w2m.dll [Wildcard Select context menu extension] -> All Your Software [Ver = 1.1 | Size = 135168 bytes | Modified Date = 12/6/2005 11:29:16 AM | Attr = ]
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} [HKLM] -> %System32%\netplwiz.dll [Web Publishing Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Burn Audio CD Context Menu Handler] -> Microsoft Corporation [Ver = 9.00.00.3409 | Size = 102400 bytes | Modified Date = 3/26/2004 7:07:20 AM | Attr = ]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{CFCCC7A0-A282-11D1-9082-006008059382} [HKLM] -> %System32%\appwiz.cpl [Darwin App Publisher] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
{D20EA4E1-3957-11d2-A40B-0C5020524152} [HKLM] -> %System32%\shdocvw.dll [Fonts] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{D20EA4E1-3957-11d2-A40B-0C5020524153} [HKLM] -> %System32%\shdocvw.dll [Administrative Tools] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Scheduled Tasks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{D8BD2030-6FC9-11D0-864F-00AA006809D9} [HKLM] -> %System32%\webcheck.dll [PostAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} [HKLM] -> %System32%\icmui.dll [ICC Profile] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} [HKLM] -> %System32%\browseui.dll [User Assist] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{E0E11A09-5CB8-4B6C-8332-E00720A168F2} [HKLM] -> %System32%\browseui.dll [Address Bar Parser] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{E211B736-43FD-11D1-9EFB-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheckChannelAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{E4B29F9D-D390-480b-92FD-7DDB47101D71} [HKLM] -> %System32%\shmedia.dll [Wav Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [ConnectionAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [HKLM] -> %System32%\shdocvw.dll [Shell DocObject Viewer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{e84fda7c-1d6a-45f6-b725-cb260c236066} [HKLM] -> %System32%\shimgvw.dll [Shell Image Verbs] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} [HKLM] -> %System32%\webcheck.dll [TrayAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{EAB841A0-9550-11cf-8C16-00805F1408F3} [HKLM] -> %System32%\shimgvw.dll [HTML Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} [HKLM] -> %System32%\shimgvw.dll [Shell Image Property Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} [HKLM] -> %System32%\dfsshlex.dll [DfsShell] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell DeskBar] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Rebar BandSite] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Band Site Menu] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{ECF03A32-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Drop Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{ECF03A33-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [HKLM] -> %System32%\browseui.dll [Global Folder Settings] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{F0152790-D56E-4445-850E-4F3117DB740C} [HKLM] -> %System32%\remotepg.dll [Remote Sessions CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{F020E586-5264-11d1-A532-0000F8757D7E} [HKLM] -> %System32%\dsquery.dll [Directory Start/Search Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1980 | Size = 49198 bytes | Modified Date = 3/11/2007 12:55:04 AM | Attr = ]
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Add to Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 9.00.00.3409 | Size = 102400 bytes | Modified Date = 3/26/2004 7:07:20 AM | Attr = ]
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} [HKLM] -> %System32%\rshx32.dll [Printers Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{f39a0dc0-9cc8-11d0-a599-00c04fd64433} [HKLM] -> %System32%\cdfview.dll [Channel File] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150528 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} [HKLM] -> %System32%\cdfview.dll [Channel Shortcut] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150528 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} [HKLM] -> %System32%\cdfview.dll [Channel Handler Object] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150528 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{f3da0dc0-9cc8-11d0-a599-00c04fd64437} [HKLM] -> %System32%\cdfview.dll [Channel Menu] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150528 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} [HKLM] -> %System32%\cdfview.dll [Channel Properties] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150528 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{F5175861-2688-11d0-9C5E-00AA00A45957} [HKLM] -> %System32%\webcheck.dll [Subscription Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{F61FFEC1-754F-11d0-80CA-00AA005B4383} [HKLM] -> %System32%\browseui.dll [BandProxy] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1016832 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{f92e8c40-3d33-11d2-b1aa-080036a75b03} [HKLM] -> %System32%\deskperf.dll [Display TroubleShoot CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
{FBF23B40-E3F0-101B-8488-00AA003E56F8} [HKLM] -> %System32%\shdocvw.dll [InternetShortcut] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{FF393560-C2A7-11CF-BFF4-444553540000} [HKLM] -> %System32%\shdocvw.dll [History] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
< BotCheck > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 584 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 2dP 52f52857
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> =(C>(? ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> FEk* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 903b+ 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 0D< ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 813 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\InterVideo\DVD6\WinDVD.exe -> C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{B20DC2B4-85A6-402C-A179-535E16D27D1E} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\System32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{24F14F01-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{24F14F02-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{66742402-F9B9-11D1-A202-0000F81FEDEE} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} [HKLM] -> %System32%\shell32.dll [Start Menu Pin] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{162EFDC5-2957-465D-887B-590AF4A7E84D} [HKLM] -> %ProgramFiles%\McAfee\virusscan\mcodsax.dll [MCVSRIGHTCLICKSCANNER] -> McAfee, Inc. [Ver = 11,0,201,0 | Size = 202320 bytes | Modified Date = 7/14/2006 9:38:04 PM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{09799AFB-AD67-11d1-ABCD-00C04FC30936} [HKLM] -> %System32%\shell32.dll [Open With] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [Open With EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{cb004f18-1fd5-431a-9dbb-62db408a1104} [HKLM] -> %ProgramFiles%\WMA To MP3 Encoder\w2m.dll [WildcardSelect] -> All Your Software [Ver = 1.1 | Size = 135168 bytes | Modified Date = 12/6/2005 11:29:16 AM | Attr = ]
{ACBA0BA3-ACED-4E02-9221-794F7588DD9C} [HKLM] -> %ProgramFiles%\LitexMedia\All To MP3 Converter\MP3ShellExt.dll [ZMP3ShellExt] -> [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 11/14/2005 6:56:34 PM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7BA4C740-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\shell32.dll [Send To] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\
"C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" -> %ProgramFiles%\ACD Systems\ACDSee\7.0\ACDSee7.exe [ACDBrowse] -> ACD Systems Ltd. [Ver = 7,0,61,2 | Size = 9818112 bytes | Modified Date = 12/6/2004 11:17:34 AM | Attr = ]
%SystemRoot%\Explorer.exe -> %SystemRoot%\explorer.exe [find] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{cb004f18-1fd5-431a-9dbb-62db408a1104} [HKLM] -> %ProgramFiles%\WMA To MP3 Encoder\w2m.dll [WildcardSelect] -> All Your Software [Ver = 1.1 | Size = 135168 bytes | Modified Date = 12/6/2005 11:29:16 AM | Attr = ]
{ACBA0BA3-ACED-4E02-9221-794F7588DD9C} [HKLM] -> %ProgramFiles%\LitexMedia\All To MP3 Converter\MP3ShellExt.dll [ZMP3ShellExt] -> [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 11/14/2005 6:56:34 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{D969A300-E7FF-11d0-A93B-00A0C90F2719} [HKLM] -> %System32%\shell32.dll [New] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
{cb004f18-1fd5-431a-9dbb-62db408a1104} [HKLM] -> %ProgramFiles%\WMA To MP3 Encoder\w2m.dll [WildcardSelect] -> All Your Software [Ver = 1.1 | Size = 135168 bytes | Modified Date = 12/6/2005 11:29:16 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shell\
%SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> %SystemRoot%\explorer.exe [explore] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
%SystemRoot%\Explorer.exe /idlist,%I,%L -> %SystemRoot%\explorer.exe [open] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{162EFDC5-2957-465D-887B-590AF4A7E84D} [HKLM] -> %ProgramFiles%\McAfee\virusscan\mcodsax.dll [MCVSRIGHTCLICKSCANNER] -> McAfee, Inc. [Ver = 11,0,201,0 | Size = 202320 bytes | Modified Date = 7/14/2006 9:38:04 PM | Attr = ]
< ControlSets > ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> 8192 - Reg Data - Value does not exist ->
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -> 8193 - Create Mobile Favorite... ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8196 - &FlashGet ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->
NextId -> 8197 ->
< Security Settings > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\System32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 813 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\InterVideo\DVD6\WinDVD.exe -> C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{B20DC2B4-85A6-402C-A179-535E16D27D1E} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files\PC Connectivity Solution\ -> ->
%SystemRoot%\system32 -> ->
%SystemRoot% -> ->
%SystemRoot%\System32\Wbem -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> ->
.EXE -> ->
.BAT -> ->
.CMD -> ->
.VBS -> ->
.VBE -> ->
.JS -> ->
.JSE -> ->
.WSF -> ->
.WSH -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.1159 (dnsrv.040209-1620) | Size = 10752 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 10:52:56 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 10:52:56 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1483264 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 3003392 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
vbsfile [open] -> E:\Program Files\xmplayer\XMPLAYER.EXE %1 -> File not found
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
Directory [ACDBrowse] -> "%ProgramFiles%\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" -> ACD Systems Ltd. [Ver = 7,0,61,2 | Size = 9818112 bytes | Modified Date = 12/6/2004 11:17:34 AM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^0OzIj
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> gԋ4:?Ӽdg ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xȓ܊݄} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> *BV%M/g ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_ikj" ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
{0FF1922C-B6C4-40BB-AF30-BEF75A482444} -> Nokia Connectivity Cable Driver ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD ->
{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB} -> InterVideo WinDVD 6 ->
{784DF107-2945-4B65-ADE3-A58ECD6C37A9} -> Sony Vegas 5.0a ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{9C44E66B-EAE1-4F51-A005-C64AA5D48930} -> iFD Geometry ->
{AB2347E4-153B-4194-AA3B-97C0A662B369} -> PC Connectivity Solution ->
{B0625F16-B742-4F75-9FD8-20B47ACC7DE2} -> ACDSee 7.0 PowerPack ->
{B208806F-A231-4FA0-AB3F-5C1B8979223E} -> Microsoft ActiveSync 4.0 ->
{B9242864-2841-4ADE-86E0-8F90F91B04DD} -> Logitech Gaming Software ->
{D89AC4DF-7A00-4D0B-BA99-D582C7974A09} -> Nokia PC Suite ->
0852D05415AB9A4F1EF451E342267F76C776ED2F -> Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) ->
4CFD94C379217A02D5EA067615FF789CD731BCDB -> Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) ->
Absolute MP3 Splitter_is1 -> Absolute MP3 Splitter version 2.3.2 ->
ACDSee Mobile for Windows CE -> ACDSee Mobile for Windows CE ->
All To MP3 Converter_is1 -> All To MP3 Converter 1.6 ->
Audio_Studio -> Audio Studio 2.103 ->
BattleCakeWMDemo -> Battle Cake for Windows Mobile DEMO VERSION by HeroCraft HiTech Co. Ltd (remove only) ->
BEIKS English-Arabic Talking Phrasebook WCE -> BEIKS English-Arabic Talking Phrasebook WCE ->
Billiard Master 2 -> Billiard Master 2 ->
BJF -> BJF ->
Cresotech PocketPoint -> Cresotech PocketPoint ->
CTDVDAudio Plugin -> Creative DVD Audio Plugin for Audigy Series ->
Dr. Hardware 2004 5.5.0e -> Dr. Hardware 2004 5.5.0e ->
Easy Karaoke Player_is1 -> Easy Karaoke Player version 3.0 ->
FlashGet(JetCar) -> FlashGet(JetCar) ->
HijackThis -> HijackThis 1.99.1 ->
HiKeyboard -> HiKeyboard ->
InMobile LighterTrial -> InMobile LighterTrial ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB909394 -> Hotfix for Windows XP (KB909394) ->
KungFu Fighting Demo -> KungFu Fighting Demo ->
Li-Nuggz -> Li-Nuggz ->
MSC -> McAfee SecurityCenter ->
NVIDIA Drivers -> NVIDIA Drivers ->
Office Key 6.3 -> Office Key ->
RealPlayer 6.0 -> RealPlayer ->
Serials 2000 7.1+_is1 -> Serials 2000 7.1+ ->
Spb Imageer -> Spb Imageer ->
Spb Time -> Spb Time ->
SpbPocketPlus -> SpbPocketPlus ->
S-Tris -> S-Tris ->
TCPMP -> TCPMP ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
Windows Media Player -> Windows Media Player 10 ->
Windows XP Service Pack -> Windows XP Service Pack 2 ->
WMA To MP3 Encoder_is1 -> WMA To MP3 Encoder 5.09 ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->

[Files/Folders - Created Within 60 days]
autorun.inf -> %SystemDrive%\autorun.inf -> [Ver = | Size = 261 bytes | Created Date = 6/17/2007 2:38:20 PM | Attr = RHS]
Belle.wav -> %SystemDrive%\Belle.wav -> [Ver = | Size = 3439846 bytes | Created Date = 6/2/2007 12:17:22 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 6/16/2007 1:11:37 PM | Attr = HS]
found.000 -> %SystemDrive%\found.000 -> [Folder | Created Date = 6/17/2007 2:41:05 AM | Attr = HS]
HEROSOFT -> %SystemDrive%\HEROSOFT -> [Folder | Created Date = 4/27/2007 6:30:41 AM | Attr = ]
log2.txt -> %SystemDrive%\log2.txt -> [Ver = | Size = 134 bytes | Created Date = 5/21/2007 3:22:58 AM | Attr = ]
MyWorks -> %SystemDrive%\MyWorks -> [Folder | Created Date = 4/27/2007 4:23:15 AM | Attr = ]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Created Date = 6/18/2007 7:08:47 PM | Attr = ]
UsageTrack.txt -> %SystemDrive%\UsageTrack.txt -> [Ver = | Size = 16 bytes | Created Date = 4/21/2007 11:09:13 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 6/19/2007 6:09:55 PM | Attr = ]
ACD Wallpaper.bmp -> %SystemRoot%\ACD Wallpaper.bmp -> [Ver = | Size = 2256822 bytes | Created Date = 4/21/2007 11:21:41 PM | Attr = ]
Audio Studio Setup Log.txt -> %SystemRoot%\Audio Studio Setup Log.txt -> [Ver = | Size = 13407 bytes | Created Date = 6/2/2007 12:14:02 AM | Attr = ]
DHCPUPG.LOG -> %SystemRoot%\DHCPUPG.LOG -> [Ver = | Size = 225 bytes | Created Date = 6/16/2007 2:37:18 PM | Attr = ]
DPINST.LOG -> %SystemRoot%\DPINST.LOG -> [Ver = | Size = 10472 bytes | Created Date = 5/12/2007 10:43:52 PM | Attr = ]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 67 bytes | Created Date = 4/27/2007 4:29:56 AM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 6/2/2007 12:14:28 AM | Attr = ]
LUINSTALL.LOG -> %SystemRoot%\LUINSTALL.LOG -> [Ver = | Size = 13418 bytes | Created Date = 6/16/2007 1:14:38 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 6/18/2007 7:03:55 PM | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 6/17/2007 2:43:04 AM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 5/21/2007 6:21:34 AM | Attr = ]
setupact.log -> %SystemRoot%\setupact.log -> [Ver = | Size = 2528 bytes | Created Date = 6/18/2007 7:05:13 PM | Attr = ]
setupapi.log -> %SystemRoot%\setupapi.log -> [Ver = | Size = 2288218 bytes | Created Date = 6/17/2007 2:47:08 AM | Attr = ]
setuperr.log -> %SystemRoot%\setuperr.log -> [Ver = | Size = 0 bytes | Created Date = 6/18/2007 7:05:13 PM | Attr = ]
UPGRADE.TXT -> %SystemRoot%\UPGRADE.TXT -> [Ver = | Size = 801 bytes | Created Date = 6/16/2007 2:39:15 PM | Attr = ]
VPPLAYS.INI -> %SystemRoot%\VPPLAYS.INI -> [Ver = | Size = 96 bytes | Created Date = 5/12/2007 10:30:35 PM | Attr = ]
WINNT32.LOG -> %SystemRoot%\WINNT32.LOG -> [Ver = | Size = 2757 bytes | Created Date = 6/16/2007 2:37:14 PM | Attr = ]
wsdu.log -> %SystemRoot%\wsdu.log -> [Ver = | Size = 149 bytes | Created Date = 6/16/2007 2:38:42 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 266 bytes | Created Date = 6/16/2007 1:19:33 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 358 bytes | Created Date = 6/16/2007 1:19:32 PM | Attr = ]
$$TEMP$$.~~~ -> %System32%\$$TEMP$$.~~~ -> [Ver = | Size = 6144 bytes | Created Date = 6/14/2007 12:12:22 PM | Attr = ]
AdCache -> %System32%\AdCache -> [Folder | Created Date = 6/2/2007 12:23:15 AM | Attr = ]
cddvdint.dll -> %System32%\cddvdint.dll -> [Ver = | Size = 122880 bytes | Created Date = 5/1/2007 7:13:48 AM | Attr = ]
Ctaa1.dat -> %System32%\Ctaa1.dat -> [Ver = | Size = 831600 bytes | Created Date = 5/1/2007 7:13:49 AM | Attr = ]
ctdvda32.dll -> %System32%\ctdvda32.dll -> Creative Technology Ltd [Ver = 5.13.01.0410-1.56.0400 | Size = 77824 bytes | Created Date = 5/1/2007 7:13:48 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 5/12/2007 10:43:20 PM | Attr = ]
FOLESVR.DLL -> %System32%\FOLESVR.DLL -> [Ver = | Size = 83 bytes | Created Date = 4/27/2007 5:01:46 AM | Attr = ]
IVIresize.dll -> %System32%\IVIresize.dll -> [Ver = | Size = 20480 bytes | Created Date = 5/1/2007 7:14:50 AM | Attr = ]
IVIresizeA6.dll -> %System32%\IVIresizeA6.dll -> [Ver = | Size = 200704 bytes | Created Date = 5/1/2007 7:14:50 AM | Attr = ]
IVIresizeM6.dll -> %System32%\IVIresizeM6.dll -> [Ver = | Size = 192512 bytes | Created Date = 5/1/2007 7:14:50 AM | Attr = ]
IVIresizeP6.dll -> %System32%\IVIresizeP6.dll -> [Ver = | Size = 192512 bytes | Created Date = 5/1/2007 7:14:50 AM | Attr = ]
IVIresizePX.dll -> %System32%\IVIresizePX.dll -> [Ver = | Size = 188416 bytes | Created Date = 5/1/2007 7:14:50 AM | Attr = ]
IVIresizeW7.dll -> %System32%\IVIresizeW7.dll -> [Ver = | Size = 204800 bytes | Created Date = 5/1/2007 7:14:50 AM | Attr = ]
msxml3a.dll -> %System32%\msxml3a.dll -> Microsoft Corporation [Ver = 8.10.8308.0 | Size = 24064 bytes | Created Date = 5/21/2007 6:36:43 AM | Attr = ]
nmwcdcls.dll -> %System32%\nmwcdcls.dll -> Nokia [Ver = 6.82.3.0 | Size = 50688 bytes | Created Date = 5/12/2007 10:43:18 PM | Attr = ]
nmwcdcocls.dll -> %System32%\nmwcdcocls.dll -> Nokia [Ver = 6.82.3.0 | Size = 30720 bytes | Created Date = 5/12/2007 10:43:20 PM | Attr = ]
nmwcdlog.dll -> %System32%\nmwcdlog.dll -> Nokia [Ver = 6.82.3.0 | Size = 4608 bytes | Created Date = 5/12/2007 10:43:20 PM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 41 | Size = 180224 bytes | Created Date = 6/18/2007 7:09:28 PM | Attr = ]
Profiles -> %System32%\Profiles -> [Folder | Created Date = 5/21/2007 6:22:42 AM | Attr = ]
subst.inf -> %System32%\subst.inf -> [Ver = | Size = 1808 bytes | Created Date = 6/16/2007 1:19:55 PM | Attr = ]
TVICHW32.VXD -> %System32%\TVICHW32.VXD -> [Ver = | Size = 18597 bytes | Created Date = 5/21/2007 6:46:38 AM | Attr = ]
W95Inf16.DLL -> %System32%\W95Inf16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Created Date = 5/21/2007 6:46:39 AM | Attr = ]
W95Inf32.DLL -> %System32%\W95Inf32.DLL -> Microsoft Corporation [Ver = 4.71.0017.0 | Size = 4608 bytes | Created Date = 5/21/2007 6:46:39 AM | Attr = ]
ctdvda2k.sys -> %System32%\drivers\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0415-1.56.0450 | Size = 333600 bytes | Created Date = 5/1/2007 7:13:48 AM | Attr = ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = 13.2.0.157 | Size = 84744 bytes | Created Date = 6/16/2007 1:20:20 PM | Attr = ]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 33896 bytes | Created Date = 6/16/2007 1:20:24 PM | Attr = ]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 161768 bytes | Created Date = 6/16/2007 1:20:21 PM | Attr = ]
mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 31560 bytes | Created Date = 6/16/2007 1:20:25 PM | Attr = ]
mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = 13.2.0.159 | Size = 37800 bytes | Created Date = 6/16/2007 1:20:24 PM | Attr = ]
Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.0.158.0 | Size = 104024 bytes | Created Date = 6/16/2007 1:20:06 PM | Attr = ]
nmwcd.sys -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Created Date = 5/12/2007 10:43:20 PM | Attr = ]
nmwcdc.sys -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Created Date = 5/12/2007 10:43:23 PM | Attr = ]
nmwcdcm.sys -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Created Date = 5/12/2007 10:43:24 PM | Attr = ]
TVicHW32.sys -> %System32%\drivers\TVicHW32.sys -> EnTech Taiwan [Ver = 1.0 | Size = 24656 bytes | Created Date = 5/21/2007 6:46:38 AM | Attr = ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 6/17/2007 3:41:37 AM | Attr = ]
copy.exe -> %AllUsersAppData%\copy.exe -> [Ver = | Size = 159832 bytes | Created Date = 5/21/2007 2:01:35 AM | Attr = RHS]
CyberLink -> %AllUsersAppData%\CyberLink -> [Folder | Created Date = 4/27/2007 3:59:27 AM | Attr = ]
McAfee -> %AllUsersAppData%\McAfee -> [Folder | Created Date = 6/16/2007 1:17:59 PM | Attr = ]
Newsoft -> %AllUsersAppData%\Newsoft -> [Folder | Created Date = 4/27/2007 4:18:10 AM | Attr = ]
PC Suite -> %AllUsersAppData%\PC Suite -> [Folder | Created Date = 5/12/2007 10:44:42 PM | Attr = ]
sqlserv.exe -> %AllUsersAppData%\sqlserv.exe -> [Ver = | Size = 196701 bytes | Created Date = 5/21/2007 2:01:35 AM | Attr = HS]
CyberLink -> %UserAppData%\CyberLink -> [Folder | Created Date = 4/27/2007 4:00:57 AM | Attr = ]
Engelmann Media -> %UserAppData%\Engelmann Media -> [Folder | Created Date = 5/14/2007 3:36:55 AM | Attr = ]
NetMedia Providers -> %UserAppData%\NetMedia Providers -> [Folder | Created Date = 5/21/2007 6:54:19 AM | Attr = ]
Nokia -> %UserAppData%\Nokia -> [Folder | Created Date = 5/12/2007 10:44:42 PM | Attr = ]
PC Suite -> %UserAppData%\PC Suite -> [Folder | Created Date = 5/12/2007 10:43:50 PM | Attr = ]
Publish Providers -> %UserAppData%\Publish Providers -> [Folder | Created Date = 5/21/2007 6:54:19 AM | Attr = ]
SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Created Date = 6/16/2007 1:22:06 PM | Attr = ]
Sony -> %UserAppData%\Sony -> [Folder | Created Date = 5/21/2007 6:54:10 AM | Attr = ]
Symantec -> %UserAppData%\Symantec -> [Folder | Created Date = 6/17/2007 3:56:33 AM | Attr = ]
WinTuneup Data -> %UserAppData%\WinTuneup Data -> [Folder | Created Date = 6/2/2007 11:08:14 PM | Attr = ]
XnView -> %UserAppData%\XnView -> [Folder | Created Date = 6/2/2007 10:55:50 PM | Attr = ]
ACDPhotoEditor -> %LocalAppData%\ACDPhotoEditor -> [Folder | Created Date = 4/21/2007 11:08:24 PM | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Created Date = 5/21/2007 6:37:30 AM | Attr = ]
Xequte -> %LocalAppData%\Xequte -> [Folder | Created Date = 4/27/2007 4:15:36 AM | Attr = ]
Config -> %AllUsersDocuments%\Config -> [Folder | Created Date = 6/2/2007 12:14:42 AM | Attr = ]
Fonts -> %AllUsersDocuments%\Fonts -> [Folder | Created Date = 6/2/2007 12:14:42 AM | Attr = ]
Global.sw -> %AllUsersDocuments%\Global.sw -> [Ver = | Size = 560 bytes | Created Date = 6/2/2007 12:14:43 AM | Attr = ]
Softwrap -> %AllUsersDocuments%\Softwrap -> [Folder | Created Date = 6/2/2007 12:14:42 AM | Attr = ]
belle.MSWMM -> %UserDocuments%\belle.MSWMM -> [Ver = | Size = 39936 bytes | Created Date = 5/14/2007 3:07:30 AM | Attr = ]
BlazeVideo -> %UserDocuments%\BlazeVideo -> [Folder | Created Date = 4/27/2007 4:26:16 AM | Attr = ]
CFC.doc -> %UserDocuments%\CFC.doc -> [Ver = | Size = 32768 bytes | Created Date = 5/30/2007 7:54:50 PM | Attr = ]
CyberLink -> %UserDocuments%\CyberLink -> [Folder | Created Date = 4/27/2007 3:59:28 AM | Attr = ]
Dr majida vaccinc anti tuberculeux -> %UserDocuments%\Dr majida vaccinc anti tuberculeux -> [Folder | Created Date = 5/31/2007 9:19:31 AM | Attr = ]
DVD X Studios -> %UserDocuments%\DVD X Studios -> [Folder | Created Date = 4/27/2007 4:11:05 AM | Attr = ]
InterVideo -> %UserDocuments%\InterVideo -> [Folder | Created Date = 5/1/2007 8:31:50 AM | Attr = ]
jus de fruit projet.doc -> %UserDocuments%\jus de fruit projet.doc -> [Ver = | Size = 47104 bytes | Created Date = 6/2/2007 3:51:46 AM | Attr = ]
lesson plan brevet.doc -> %UserDocuments%\lesson plan brevet.doc -> [Ver = | Size = 38400 bytes | Created Date = 4/22/2007 5:20:26 AM | Attr = ]
lesson plan gr 9.doc -> %UserDocuments%\lesson plan gr 9.doc -> [Ver = | Size = 51712 bytes | Created Date = 5/1/2007 10:50:31 PM | Attr = ]
lesson plan gr7.doc -> %UserDocuments%\lesson plan gr7.doc -> [Ver = | Size = 52224 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = ]
lesson PLan.doc -> %UserDocuments%\lesson PLan.doc -> [Ver = | Size = 31744 bytes | Created Date = 4/22/2007 5:17:44 AM | Attr = ]
make up test 3 trem 3 PS.doc -> %UserDocuments%\make up test 3 trem 3 PS.doc -> [Ver = | Size = 48640 bytes | Created Date = 5/27/2007 8:13:18 PM | Attr = ]
MARWAN My Documents -> %UserDocuments%\MARWAN My Documents -> [Folder | Created Date = 6/2/2007 5:40:06 AM | Attr = ]
PixPlay -> %UserDocuments%\PixPlay -> [Folder | Created Date = 4/27/2007 4:15:36 AM | Attr = ]
table des matireres.doc -> %UserDocuments%\table des matireres.doc -> [Ver = | Size = 237056 bytes | Created Date = 5/31/2007 5:23:52 AM | Attr = ]
term 3 brevet 06-07.doc -> %UserDocuments%\term 3 brevet 06-07.doc -> [Ver = | Size = 57344 bytes | Created Date = 5/30/2007 8:13:02 PM | Attr = ]
term3 test3ps.doc -> %UserDocuments%\term3 test3ps.doc -> [Ver = | Size = 46592 bytes | Created Date = 5/21/2007 2:20:10 AM | Attr = ]
test2 term3 gr7.doc -> %UserDocuments%\test2 term3 gr7.doc -> [Ver = | Size = 63488 bytes | Created Date = 5/6/2007 11:39:19 PM | Attr = ]
~$sson plan gr7.doc -> %UserDocuments%\~$sson plan gr7.doc -> [Ver = | Size = 162 bytes | Created Date = 4/26/2007 5:45:35 AM | Attr = H ]
~WRL0003.tmp -> %UserDocuments%\~WRL0003.tmp -> [Ver = | Size = 40960 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL0005.tmp -> %UserDocuments%\~WRL0005.tmp -> [Ver = | Size = 40960 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL0148.tmp -> %UserDocuments%\~WRL0148.tmp -> [Ver = | Size = 42496 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL0149.tmp -> %UserDocuments%\~WRL0149.tmp -> [Ver = | Size = 44032 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL0568.tmp -> %UserDocuments%\~WRL0568.tmp -> [Ver = | Size = 41472 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL0823.tmp -> %UserDocuments%\~WRL0823.tmp -> [Ver = | Size = 44544 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL1083.tmp -> %UserDocuments%\~WRL1083.tmp -> [Ver = | Size = 44032 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL1116.tmp -> %UserDocuments%\~WRL1116.tmp -> [Ver = | Size = 44032 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL1543.tmp -> %UserDocuments%\~WRL1543.tmp -> [Ver = | Size = 41472 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL1687.tmp -> %UserDocuments%\~WRL1687.tmp -> [Ver = | Size = 44032 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL2796.tmp -> %UserDocuments%\~WRL2796.tmp -> [Ver = | Size = 40960 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL2838.tmp -> %UserDocuments%\~WRL2838.tmp -> [Ver = | Size = 43520 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL3773.tmp -> %UserDocuments%\~WRL3773.tmp -> [Ver = | Size = 43520 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
~WRL4011.tmp -> %UserDocuments%\~WRL4011.tmp -> [Ver = | Size = 40960 bytes | Created Date = 4/25/2007 7:50:42 PM | Attr = H ]
ACD FotoSlate 3.1.lnk -> %AllUsersDesktop%\ACD FotoSlate 3.1.lnk -> [Ver = | Size = 2659 bytes | Created Date = 5/21/2007 6:40:08 AM | Attr = ]
ACD Photo Editor 3.1.lnk -> %AllUsersDesktop%\ACD Photo Editor 3.1.lnk -> [Ver = | Size = 2787 bytes | Created Date = 5/21/2007 6:40:08 AM | Attr = ]
ACDSee 7.0.lnk -> %AllUsersDesktop%\ACDSee 7.0.lnk -> [Ver = | Size = 2527 bytes | Created Date = 5/21/2007 6:40:08 AM | Attr = ]
InterVideo WinDVD 6.lnk -> %AllUsersDesktop%\InterVideo WinDVD 6.lnk -> [Ver = | Size = 1637 bytes | Created Date = 5/1/2007 7:15:08 AM | Attr = ]
McAfee Security Center.lnk -> %AllUsersDesktop%\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Created Date = 6/16/2007 1:22:46 PM | Attr = ]
Nokia PC Suite.lnk -> %AllUsersDesktop%\Nokia PC Suite.lnk -> [Ver = | Size = 1815 bytes | Created Date = 5/12/2007 10:44:18 PM | Attr = ]
Vegas 5.0.lnk -> %AllUsersDesktop%\Vegas 5.0.lnk -> [Ver = | Size = 1763 bytes | Created Date = 5/21/2007 6:53:19 AM | Attr = ]
3100_2kxp -> %UserDesktop%\3100_2kxp -> [Folder | Created Date = 6/18/2007 7:50:10 PM | Attr = ]
3100_2kxp.exe -> %UserDesktop%\3100_2kxp.exe -> [Ver = | Size = 8567069 bytes | Created Date = 6/18/2007 7:03:04 PM | Attr = ]
81.98_forceware_winxp64_english_whql.exe -> %UserDesktop%\81.98_forceware_winxp64_english_whql.exe -> [Ver = | Size = 11134 bytes | Created Date = 6/18/2007 7:02:55 PM | Attr = ]
81_1.98_forceware_winxp64_english_whql.exe -> %UserDesktop%\81_1.98_forceware_winxp64_english_whql.exe -> [Ver = | Size = 35 bytes | Created Date = 6/18/2007 7:02:57 PM | Attr = ]
81_2.98_forceware_winxp64_english_whql.exe -> %UserDesktop%\81_2.98_forceware_winxp64_english_whql.exe -> NVIDIA Corporation [Ver = | Size = 27595136 bytes | Created Date = 6/18/2007 7:02:59 PM | Attr = ]
Absolute MP3 Splitter.lnk -> %UserDesktop%\Absolute MP3 Splitter.lnk -> [Ver = | Size = 760 bytes | Created Date = 5/14/2007 3:53:21 AM | Attr = ]
ACDSee Mobile for Windows CE.lnk -> %UserDesktop%\ACDSee Mobile for Windows CE.lnk -> [Ver = | Size = 1104 bytes | Created Date = 6/12/2007 8:05:33 AM | Attr = ]
audio factory -> %UserDesktop%\audio factory -> [Folder | Created Date = 5/21/2007 3:04:49 AM | Attr = ]
AudioStudio.lnk -> %UserDesktop%\AudioStudio.lnk -> [Ver = | Size = 1799 bytes | Created Date = 6/2/2007 12:14:35 AM | Attr = ]
CyberLink PowerDVD.lnk -> %UserDesktop%\CyberLink PowerDVD.lnk -> [Ver = | Size = 1684 bytes | Created Date = 5/21/2007 6:36:49 AM | Attr = ]
Download_AVsetupRNTrial.exe -> %UserDesktop%\Download_AVsetupRNTrial.exe -> [Ver = | Size = 415 bytes | Created Date = 6/18/2007 7:03:12 PM | Attr = ]
Dr. Hardware 2004 5.5.0e.lnk -> %UserDesktop%\Dr. Hardware 2004 5.5.0e.lnk -> [Ver = | Size = 784 bytes | Created Date = 5/21/2007 6:47:51 AM | Attr = ]
driver -> %UserDesktop%\driver -> [Folder | Created Date = 6/18/2007 7:34:29 PM | Attr = ]
DriverDetective.exe -> %UserDesktop%\DriverDetective.exe -> PC Drivers HeadQuarters [Ver = 6.2.100 | Size = 5043896 bytes | Created Date = 6/18/2007 7:03:13 PM | Attr = ]
Easy Karaoke Player.lnk -> %UserDesktop%\Easy Karaoke Player.lnk -> [Ver = | Size = 616 bytes | Created Date = 6/2/2007 12:16:25 AM | Attr = ]
HijackThis.zip -> %UserDesktop%\HijackThis.zip -> [Ver = | Size = 212849 bytes | Created Date = 6/18/2007 7:03:25 PM | Attr = ]
MARWAN My Documents.LNK -> %UserDesktop%\MARWAN My Documents.LNK -> [Ver = | Size = 1460 bytes | Created Date = 6/2/2007 5:41:18 AM | Attr = ]
mm -> %UserDesktop%\mm -> [Folder | Created Date = 6/19/2007 6:04:25 PM | Attr = ]
OTMoveIt.exe -> %UserDesktop%\OTMoveIt.exe -> OldTimer Tools [Ver = 1.0.12.0 | Size = 210432 bytes | Created Date = 6/18/2007 7:03:26 PM | Attr = ]
S2K 7.1 Plus.lnk -> %UserDesktop%\S2K 7.1 Plus.lnk -> [Ver = | Size = 1669 bytes | Created Date = 6/2/2007 12:06:26 AM | Attr = ]
Shortcut to PICTURES.lnk -> %UserDesktop%\Shortcut to PICTURES.lnk -> [Ver = | Size = 369 bytes | Created Date = 6/2/2007 12:25:25 AM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 6/18/2007 7:26:50 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Created Date = 6/18/2007 7:03:26 PM | Attr = ]
WMA To MP3 Encoder.lnk -> %UserDesktop%\WMA To MP3 Encoder.lnk -> [Ver = | Size = 705 bytes | Created Date = 5/14/2007 3:33:24 AM | Attr = ]
xplicence.doc -> %UserDesktop%\xplicence.doc -> [Ver = | Size = 19968 bytes | Created Date = 6/17/2007 2:47:14 AM | Attr = ]
InterVideo WinCinema Manager.lnk -> %AllUsersStartup%\InterVideo WinCinema Manager.lnk -> [Ver = | Size = 1777 bytes | Created Date = 5/1/2007 7:15:08 AM | Attr = ]
InterVideo -> %CommonProgramFiles%\InterVideo -> [Folder | Created Date = 5/1/2007 7:14:06 AM | Attr = ]
McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Created Date = 6/16/2007 1:18:39 PM | Attr = ]
Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Created Date = 5/12/2007 10:44:10 PM | Attr = ]
PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Created Date = 5/12/2007 10:44:11 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 6/1/2007 10:00:46 AM | Attr = RH ]
autorun.inf -> %SystemDrive%\autorun.inf -> [Ver = | Size = 261 bytes | Modified Date = 6/19/2007 7:10:44 PM | Attr = RHS]
Belle.wav -> %SystemDrive%\Belle.wav -> [Ver = | Size = 3439846 bytes | Modified Date = 6/2/2007 1:18:08 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/16/2007 2:14:52 PM | Attr = HS]
found.000 -> %SystemDrive%\found.000 -> [Folder | Modified Date = 6/17/2007 3:41:06 AM | Attr = HS]
HEROSOFT -> %SystemDrive%\HEROSOFT -> [Folder | Modified Date = 5/21/2007 7:32:22 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 804835328 bytes | Modified Date = 6/19/2007 7:12:10 PM | Attr = HS]
log2.txt -> %SystemDrive%\log2.txt -> [Ver = | Size = 134 bytes | Modified Date = 5/21/2007 4:23:00 AM | Attr = ]
Marwan -> %SystemDrive%\Marwan -> [Folder | Modified Date = 6/1/2007 5:25:08 AM | Attr = ]
Mirna -> %SystemDrive%\Mirna -> [Folder | Modified Date = 6/18/2007 7:27:22 AM | Attr = ]
MS32DLL.dll.vbs -> %SystemDrive%\MS32DLL.dll.vbs -> [Ver = | Size = 3754 bytes | Modified Date = 6/2/2007 2:00:28 AM | Attr = RHS]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 6/18/2007 8:08:48 PM | Attr = ]
PICTURES -> %SystemDrive%\PICTURES -> [Folder | Modified Date = 6/7/2007 7:17:44 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/18/2007 8:21:30 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/12/2007 8:50:20 AM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/18/2007 8:05:14 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 6/19/2007 7:09:56 PM | Attr = ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 6/14/2007 1:10:36 PM | Attr = ]
0.log -> %SystemRoot%\0.log -> [Ver = | Size = 0 bytes | Modified Date = 6/19/2007 7:12:52 PM | Attr = ]
Audio Studio Setup Log.txt -> %SystemRoot%\Audio Studio Setup Log.txt -> [Ver = | Size = 13407 bytes | Modified Date = 6/2/2007 1:14:40 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/19/2007 7:12:12 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 99 bytes | Modified Date = 5/21/2007 4:08:52 AM | Attr = ]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17632 bytes | Modified Date = 6/17/2007 5:02:32 AM | Attr = ]
DHCPUPG.LOG -> %SystemRoot%\DHCPUPG.LOG -> [Ver = | Size = 225 bytes | Modified Date = 6/16/2007 3:39:24 PM | Attr = ]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 6/14/2007 1:10:42 PM | Attr = ]
FaxSetup.log -> %SystemRoot%\FaxSetup.log -> [Ver = | Size = 50499 bytes | Modified Date = 6/16/2007 3:36:54 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/14/2007 1:11:56 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/14/2007 1:13:24 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/16/2007 2:54:56 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/16/2007 2:14:50 PM | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 6/2/2007 1:14:02 AM | Attr = ]
LUINSTALL.LOG -> %SystemRoot%\LUINSTALL.LOG -> [Ver = | Size = 13418 bytes | Modified Date = 6/16/2007 2:14:48 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 6/14/2007 1:11:56 PM | Attr = ]
MS32DLL.dll.vbs -> %SystemRoot%\MS32DLL.dll.vbs -> [Ver = | Size = 3754 bytes | Modified Date = 6/2/2007 2:00:28 AM | Attr = RHS]
ocgen.log -> %SystemRoot%\ocgen.log -> [Ver = | Size = 39116 bytes | Modified Date = 6/16/2007 3:36:48 PM | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 6/18/2007 8:03:56 PM | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/19/2007 7:04:08 PM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 5/21/2007 7:22:52 AM | Attr = ]
SchedLgU.Txt -> %SystemRoot%\SchedLgU.Txt -> [Ver = | Size = 32542 bytes | Modified Date = 6/19/2007 7:10:58 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 5/21/2007 7:59:36 AM | Attr = ]
setupact.log -> %SystemRoot%\setupact.log -> [Ver = | Size = 2528 bytes | Modified Date = 6/18/2007 8:57:00 PM | Attr = ]
setupapi.log -> %SystemRoot%\setupapi.log -> [Ver = | Size = 2288218 bytes | Modified Date = 6/18/2007 8:58:50 PM | Attr = ]
setupapi.old -> %SystemRoot%\setupapi.old -> [Ver = | Size = 1118157 bytes | Modified Date = 6/12/2007 9:04:14 AM | Attr = ]
setuperr.log -> %SystemRoot%\setuperr.log -> [Ver = | Size = 0 bytes | Modified Date = 6/18/2007 8:05:14 PM | Attr = ]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 66548 bytes | Modified Date = 6/17/2007 5:02:32 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 6/17/2007 4:41:34 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/19/2007 7:12:10 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/16/2007 2:19:34 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/19/2007 7:15:50 PM | Attr = ]
UPGRADE.TXT -> %SystemRoot%\UPGRADE.TXT -> [Ver = | Size = 801 bytes | Modified Date = 6/16/2007 3:39:16 PM | Attr = ]
wiadebug.log -> %SystemRoot%\wiadebug.log -> [Ver = | Size = 216 bytes | Modified Date = 5/21/2007 7:59:34 AM | Attr = ]
wiaservc.log -> %SystemRoot%\wiaservc.log -> [Ver = | Size = 49 bytes | Modified Date = 5/21/2007 7:59:34 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 726 bytes | Modified Date = 6/16/2007 3:09:28 PM | Attr = ]
WindowsUpdate.log -> %SystemRoot%\WindowsUpdate.log -> [Ver = | Size = 486503 bytes | Modified Date = 6/19/2007 7:13:04 PM | Attr = ]
WINNT32.LOG -> %SystemRoot%\WINNT32.LOG -> [Ver = | Size = 2757 bytes | Modified Date = 6/16/2007 3:39:24 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/14/2007 1:10:42 PM | Attr = ]
wmsetup.log -> %SystemRoot%\wmsetup.log -> [Ver = | Size = 96245 bytes | Modified Date = 6/2/2007 6:35:04 AM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 5/21/2007 7:27:52 AM | Attr = ]
wsdu.log -> %SystemRoot%\wsdu.log -> [Ver = | Size = 149 bytes | Modified Date = 6/16/2007 3:38:44 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 398 bytes | Modified Date = 6/17/2007 5:08:04 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 266 bytes | Modified Date = 6/16/2007 2:19:36 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 358 bytes | Modified Date = 6/16/2007 2:19:34 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/19/2007 7:12:16 PM | Attr = H ]
$$TEMP$$.~~~ -> %System32%\$$TEMP$$.~~~ -> [Ver = | Size = 6144 bytes | Modified Date = 6/14/2007 1:13:26 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Modified Date = 6/14/2007 1:11:54 PM | Attr = ]
AdCache -> %System32%\AdCache -> [Folder | Modified Date = 6/2/2007 1:23:16 AM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 5/21/2007 7:29:16 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/17/2007 3:47:08 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/18/2007 8:53:16 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/14/2007 1:10:30 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/16/2007 2:20:26 PM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 6/14/2007 1:12:00 PM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 6/14/2007 1:12:02 PM | Attr = ]
LuResult.txt -> %System32%\LuResult.txt -> [Ver = | Size = 75 bytes | Modified Date = 6/16/2007 2:12:12 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 5/21/2007 7:29:16 AM | Attr = ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 6/14/2007 1:10:30 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 41040 bytes | Modified Date = 6/2/2007 6:39:14 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 314838 bytes | Modified Date = 6/2/2007 6:39:14 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 360124 bytes | Modified Date = 6/2/2007 6:39:14 AM | Attr = ]
Profiles -> %System32%\Profiles -> [Folder | Modified Date = 5/21/2007 7:22:44 AM | Attr = ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 6/14/2007 1:12:00 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/14/2007 1:12:00 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 6/17/2007 3:38:10 PM | Attr = ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Modified Date = 6/17/2007 4:41:38 AM | Attr = ]
McAfee -> %AllUsersAppData%\McAfee -> [Folder | Modified Date = 6/16/2007 2:22:50 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 6/17/2007 5:01:48 AM | Attr = ]
NetMedia Providers -> %UserAppData%\NetMedia Providers -> [Folder | Modified Date = 5/21/2007 7:54:20 AM | Attr = ]
Publish Providers -> %UserAppData%\Publish Providers -> [Folder | Modified Date = 5/21/2007 7:54:20 AM | Attr = ]
SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Modified Date = 6/19/2007 7:04:00 PM | Attr = ]
Sony -> %UserAppData%\Sony -> [Folder | Modified Date = 5/21/2007 7:54:12 AM | Attr = ]
Symantec -> %UserAppData%\Symantec -> [Folder | Modified Date = 6/17/2007 5:02:52 AM | Attr = ]
WinTuneup Data -> %UserAppData%\WinTuneup Data -> [Folder | Modified Date = 6/3/2007 12:10:14 AM | Attr = ]
XnView -> %UserAppData%\XnView -> [Folder | Modified Date = 6/2/2007 11:55:52 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 34816 bytes | Modified Date = 6/2/2007 6:24:56 AM | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 5/21/2007 7:37:32 AM | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Modified Date = 6/16/2007 1:38:26 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4804518 bytes | Modified Date = 6/1/2007 10:02:02 AM | Attr = H ]
Config -> %AllUsersDocuments%\Config -> [Folder | Modified Date = 6/2/2007 1:14:44 AM | Attr = ]
Fonts -> %AllUsersDocuments%\Fonts -> [Folder | Modified Date = 6/2/2007 1:14:44 AM | Attr = ]
Global.sw -> %AllUsersDocuments%\Global.sw -> [Ver = | Size = 560 bytes | Modified Date = 6/17/2007 5:02:32 AM | Attr = ]
Softwrap -> %AllUsersDocuments%\Softwrap -> [Folder | Modified Date = 6/2/2007 1:14:44 AM | Attr = ]
CFC.doc -> %UserDocuments%\CFC.doc -> [Ver = | Size = 32768 bytes | Modified Date = 5/30/2007 9:07:06 PM | Attr = ]
Dr majida vaccinc anti tuberculeux -> %UserDocuments%\Dr majida vaccinc anti tuberculeux -> [Folder | Modified Date = 5/31/2007 10:39:50 AM | Attr = ]
jus de fruit projet.doc -> %UserDocuments%\jus de fruit projet.doc -> [Ver = | Size = 47104 bytes | Modified Date = 6/2/2007 4:51:48 AM | Attr = ]
make up test 3 trem 3 PS.doc -> %UserDocuments%\make up test 3 trem 3 PS.doc -> [Ver = | Size = 48640 bytes | Modified Date = 5/27/2007 9:31:54 PM | Attr = ]
MARWAN My Documents -> %UserDocuments%\MARWAN My Documents -> [Folder | Modified Date = 6/12/2007 9:07:20 AM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 6/2/2007 6:35:06 AM | Attr = R ]
table des matireres.doc -> %UserDocuments%\table des matireres.doc -> [Ver = | Size = 237056 bytes | Modified Date = 5/31/2007 6:34:30 AM | Attr = ]
term 3 brevet 06-07.doc -> %UserDocuments%\term 3 brevet 06-07.doc -> [Ver = | Size = 57344 bytes | Modified Date = 5/30/2007 9:19:58 PM | Attr = ]
term3 test3ps.doc -> %UserDocuments%\term3 test3ps.doc -> [Ver = | Size = 46592 bytes | Modified Date = 5/21/2007 3:20:12 AM | Attr = ]
ACD FotoSlate 3.1.lnk -> %AllUsersDesktop%\ACD FotoSlate 3.1.lnk -> [Ver = | Size = 2659 bytes | Modified Date = 5/21/2007 7:40:10 AM | Attr = ]
ACD Photo Editor 3.1.lnk -> %AllUsersDesktop%\ACD Photo Editor 3.1.lnk -> [Ver = | Size = 2787 bytes | Modified Date = 5/21/2007 7:40:10 AM | Attr = ]
ACDSee 7.0.lnk -> %AllUsersDesktop%\ACDSee 7.0.lnk -> [Ver = | Size = 2527 bytes | Modified Date = 5/21/2007 7:40:32 AM | Attr = ]
McAfee Security Center.lnk -> %AllUsersDesktop%\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Modified Date = 6/16/2007 2:22:48 PM | Attr = ]
Vegas 5.0.lnk -> %AllUsersDesktop%\Vegas 5.0.lnk -> [Ver = | Size = 1763 bytes | Modified Date = 5/21/2007 7:53:20 AM | Attr = ]
3100_2kxp -> %UserDesktop%\3100_2kxp -> [Folder | Modified Date = 6/18/2007 8:50:30 PM | Attr = ]
3100_2kxp.exe -> %UserDesktop%\3100_2kxp.exe -> [Ver = | Size = 8567069 bytes | Modified Date = 6/18/2007 10:36:34 AM | Attr = ]
81.98_forceware_winxp64_english_whql.exe -> %UserDesktop%\81.98_forceware_winxp64_english_whql.exe -> [Ver = | Size = 11134 bytes | Modified Date = 6/18/2007 9:30:24 AM | Attr = ]
81_1.98_forceware_winxp64_english_whql.exe -> %UserDesktop%\81_1.98_forceware_winxp64_english_whql.exe -> [Ver = | Size = 35 bytes | Modified Date = 6/18/2007 9:30:36 AM | Attr = ]
81_2.98_forceware_winxp64_english_whql.exe -> %UserDesktop%\81_2.98_forceware_winxp64_english_whql.exe -> NVIDIA Corporation [Ver = | Size = 27595136 bytes | Modified Date = 6/18/2007 10:27:48 AM | Attr = ]
ACDSee Mobile for Windows CE.lnk -> %UserDesktop%\ACDSee Mobile for Windows CE.lnk -> [Ver = | Size = 1104 bytes | Modified Date = 6/12/2007 9:05:34 AM | Attr = ]
audio factory -> %UserDesktop%\audio factory -> [Folder | Modified Date = 5/21/2007 5:48:42 AM | Attr = ]
AudioStudio.lnk -> %UserDesktop%\AudioStudio.lnk -> [Ver = | Size = 1799 bytes | Modified Date = 6/2/2007 1:14:36 AM | Attr = ]
CyberLink PowerDVD.lnk -> %UserDesktop%\CyberLink PowerDVD.lnk -> [Ver = | Size = 1684 bytes | Modified Date = 5/21/2007 7:36:50 AM | Attr = ]
Download_AVsetupRNTrial.exe -> %UserDesktop%\Download_AVsetupRNTrial.exe -> [Ver = | Size = 415 bytes | Modified Date = 6/18/2007 12:15:20 PM | Attr = ]
Dr. Hardware 2004 5.5.0e.lnk -> %UserDesktop%\Dr. Hardware 2004 5.5.0e.lnk -> [Ver = | Size = 784 bytes | Modified Date = 5/21/2007 7:47:52 AM | Attr = ]
driver -> %UserDesktop%\driver -> [Folder | Modified Date = 6/18/2007 8:34:44 PM | Attr = ]
DriverDetective.exe -> %UserDesktop%\DriverDetective.exe -> PC Drivers HeadQuarters [Ver = 6.2.100 | Size = 5043896 bytes | Modified Date = 6/18/2007 10:47:00 AM | Attr = ]
Easy Karaoke Player.lnk -> %UserDesktop%\Easy Karaoke Player.lnk -> [Ver = | Size = 616 bytes | Modified Date = 6/2/2007 1:16:26 AM | Attr = ]
HijackThis.zip -> %UserDesktop%\HijackThis.zip -> [Ver = | Size = 212849 bytes | Modified Date = 6/18/2007 11:09:26 AM | Attr = ]
MARWAN My Documents.LNK -> %UserDesktop%\MARWAN My Documents.LNK -> [Ver = | Size = 1460 bytes | Modified Date = 6/2/2007 6:41:20 AM | Attr = ]
mm -> %UserDesktop%\mm -> [Folder | Modified Date = 6/19/2007 7:04:44 PM | Attr = ]
OTMoveIt.exe -> %UserDesktop%\OTMoveIt.exe -> OldTimer Tools [Ver = 1.0.12.0 | Size = 210432 bytes | Modified Date = 6/18/2007 10:47:44 AM | Attr = ]
S2K 7.1 Plus.lnk -> %UserDesktop%\S2K 7.1 Plus.lnk -> [Ver = | Size = 1669 bytes | Modified Date = 6/2/2007 1:06:28 AM | Attr = ]
Shortcut to PICTURES.lnk -> %UserDesktop%\Shortcut to PICTURES.lnk -> [Ver = | Size = 369 bytes | Modified Date = 6/2/2007 1:25:26 AM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 6/18/2007 8:26:52 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Modified Date = 6/18/2007 10:56:56 AM | Attr = ]
ACD Systems -> %CommonProgramFiles%\ACD Systems -> [Folder | Modified Date = 6/12/2007 9:04:22 AM | Attr = ]
McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Modified Date = 6/16/2007 2:20:16 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 6/16/2007 2:16:06 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\epsuninst.exe -> Marcelo Bona Boff [Ver = 3.7.0.1 | Size = 278668 bytes | Modified Date = 12/12/2003 1:52:36 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
UPX! , UPX0 , -> %UserDocuments%\keyfinder.exe -> [Ver = | Size = 262727 bytes | Modified Date = 11/19/2005 1:43:28 PM | Attr = ]
File scan skipped for file %UserDocuments%\xpsp1a_en_x86.exe -> File size too big (131170400 bytes) ->
UPX! , UPX0 , -> %UserDesktop%\3100_2kxp.exe -> [Ver = | Size = 8567069 bytes | Modified Date = 6/18/2007 10:36:34 AM | Attr = ]
PEC2 , PECompact2 , -> %UserDesktop%\OTMoveIt.exe -> OldTimer Tools [Ver = 1.0.12.0 | Size = 210432 bytes | Modified Date = 6/18/2007 10:47:44 AM | Attr = ]

< End of report >

#8 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 20 June 2007 - 04:45 AM

That's not a HijackThis log, it's a WinPFind3U logfile.
Please follow buddy215's advice earlier to run a few preliminary scans before posting your HijackThis log in your own topic in our HijackThis Logs and Analysis forum.

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 marwov

marwov

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:40 PM

Posted 20 June 2007 - 07:07 AM

OK, right, a WinPFind3U logfile. But I guess no one till now has an answer for this problem!!!!!!!!!!!!!!!!!!!!!!!!!

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:40 PM

Posted 20 June 2007 - 07:12 AM

Did you post your log in the HijackThis forum?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 marwov

marwov

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:40 PM

Posted 20 June 2007 - 07:14 AM

HJT log removed. Only trained HJT staff can analyze logs.

Edited by rigel, 22 June 2007 - 11:13 AM.
Log removed - rigel


#12 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:03:40 AM

Posted 20 June 2007 - 10:09 AM

Like we said before, we do not do HijackThis log analysis in this section of the forum. Please start a topic in the HijackThis Logs and Analysis section, so a HJT Team member can help you out.

If you are pleased with the service I have offered, you may like to consider making a donation.


#13 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:10:40 PM

Posted 22 June 2007 - 11:20 AM

Hi Marwov,

This topic will now be closed. Please post a new HJT log to the HijackThis Logs and Analysis forum. Only trained HJT staff can work logs. Once you post your log there, follow ONLY the advice given by the team member who takes your log.

If you have any questions, please feel free to pm me.

rigel
BleepingComputer Forums Moderator

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




