HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1603 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe -> C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgcc.exe -> C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgemc.exe -> C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -> C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\MsMsgs.EXE -> C:\Program Files\Messenger\MsMsgs.EXE:*:Enabled:Windows Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 27/05/2005 00:22:02 | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 19/12/2006 22:52:18 | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 17/10/2006 11:56:10 | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 14/07/2003 22:52:56 | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08/01/2007 18:08:42 | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08/01/2007 18:08:42 | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 14/07/2003 22:52:56 | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08/01/2007 18:08:42 | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08/01/2007 18:08:42 | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 12/01/2007 09:27:42 | Attr = ]
InternetShortcut [print] -> rundll32.exe %System32%\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 12/01/2007 09:27:42 | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 19/12/2006 22:52:18 | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08/01/2007 18:08:42 | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 08/01/2007 18:08:42 | Attr = ]
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
[Files/Folders - Created Within 60 days]
Ezy-Data -> %SystemDrive%\Ezy-Data -> [Folder | Created Date = 10/03/2007 23:38:56 | Attr = ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Created Date = 17/01/2007 19:36:42 | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Created Date = 17/01/2007 19:37:06 | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Created Date = 29/01/2007 19:59:42 | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Created Date = 31/01/2007 15:05:15 | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Created Date = 01/02/2007 12:40:08 | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 03/02/2007 21:25:44 | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Created Date = 05/02/2007 08:37:04 | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Created Date = 05/02/2007 21:24:21 | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Created Date = 10/02/2007 16:05:52 | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 17/01/2007 19:36:42 | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 17/01/2007 19:37:06 | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 29/01/2007 19:59:42 | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 31/01/2007 15:05:15 | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 01/02/2007 12:40:08 | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 03/02/2007 21:25:44 | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Created Date = 05/02/2007 08:37:04 | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 05/02/2007 21:24:21 | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Created Date = 10/02/2007 16:05:52 | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 16/02/2007 03:29:31 | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 16/02/2007 03:37:04 | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 12/02/2007 21:15:22 | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 16/02/2007 03:36:13 | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 16/02/2007 03:45:30 | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 16/02/2007 03:45:01 | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 16/02/2007 03:41:29 | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 16/02/2007 03:07:01 | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 14/03/2007 19:31:18 | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 14/03/2007 19:35:23 | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 16/02/2007 03:36:43 | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 12/02/2007 21:14:07 | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 12/02/2007 21:04:34 | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 12/02/2007 21:10:41 | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 12/02/2007 21:01:44 | Attr = H ]
hpqEmlSz.INI -> %SystemRoot%\hpqEmlSz.INI -> [Ver = | Size = 0 bytes | Created Date = 12/02/2007 15:57:40 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 14/03/2007 19:32:04 | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 15/01/2007 12:34:47 | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 12/02/2007 21:21:23 | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 14/03/2007 09:30:34 | Attr = ]
Adobe -> %System32%\Adobe -> [Folder | Created Date = 15/01/2007 10:13:44 | Attr = ]
Anigif.dll -> %System32%\Anigif.dll -> [Ver = 1, 0, 0, 1 | Size = 44544 bytes | Created Date = 11/03/2007 19:49:53 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 14/03/2007 09:31:52 | Attr = ]
borlndmm.dll -> %System32%\borlndmm.dll -> Inprise Corporation [Ver = 5.0.6.18 | Size = 25600 bytes | Created Date = 10/03/2007 14:13:28 | Attr = ]
ccrpDtp.ocx -> %System32%\ccrpDtp.ocx -> CCRP [Ver = 0.01.0036 | Size = 114176 bytes | Created Date = 11/03/2007 19:49:53 | Attr = ]
ChilkatMail.dll -> %System32%\ChilkatMail.dll -> Chilkat Software, Inc. [Ver = 5, 4, 0, 0 | Size = 1077248 bytes | Created Date = 11/03/2007 20:05:03 | Attr = ]
clarisysdbgrids.bpl -> %System32%\clarisysdbgrids.bpl -> [Ver = 1.0.0.0 | Size = 18944 bytes | Created Date = 10/03/2007 14:13:28 | Attr = ]
clarisys_edit.bpl -> %System32%\clarisys_edit.bpl -> [Ver = 1.0.0.0 | Size = 198656 bytes | Created Date = 10/03/2007 14:13:28 | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 19/01/2007 00:45:49 | Attr = ]
FileOps.exe -> %System32%\FileOps.exe -> [Ver = | Size = 16384 bytes | Created Date = 15/01/2007 10:13:44 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 14/03/2007 09:30:38 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 12/02/2007 20:17:49 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 12/02/2007 20:17:49 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 12/02/2007 20:17:49 | Attr = ]
JButton.ocx -> %System32%\JButton.ocx -> Veign Chris Hanscom Http://www.veign.com [Ver = 2.0.0.5 | Size = 229376 bytes | Created Date = 11/03/2007 19:49:53 | Attr = ]
jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49265 bytes | Created Date = 12/02/2007 20:17:49 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 14/03/2007 09:30:37 | Attr = ]
PolySuiteRtD5.bpl -> %System32%\PolySuiteRtD5.bpl -> Pretty Objects Computers Inc [Ver = 5.0.3.0 | Size = 493056 bytes | Created Date = 10/03/2007 14:13:26 | Attr = ]
Qrpt50.bpl -> %System32%\Qrpt50.bpl -> [Ver = 1.0.0.0 | Size = 686592 bytes | Created Date = 10/03/2007 14:13:26 | Attr = ]
ReportExport.bpl -> %System32%\ReportExport.bpl -> [Ver = 1.0.0.0 | Size = 214528 bytes | Created Date = 10/03/2007 14:13:26 | Attr = ]
ReportExport1.bpl -> %System32%\ReportExport1.bpl -> [Ver = 1.0.0.0 | Size = 43520 bytes | Created Date = 10/03/2007 14:13:26 | Attr = ]
sirenacm.dll -> %System32%\sirenacm.dll -> Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Created Date = 19/01/2007 12:53:04 | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Created Date = 12/02/2007 21:42:38 | Attr = ]
tmmute.ini -> %System32%\tmmute.ini -> [Ver = | Size = 2158 bytes | Created Date = 11/03/2007 22:54:25 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 14/03/2007 09:30:39 | Attr = ]
Vcfi32.ocx -> %System32%\Vcfi32.ocx -> Visual Components, Inc. [Ver = 2.00.00.18 | Size = 304128 bytes | Created Date = 10/03/2007 14:13:26 | Attr = ]
Vcfidl32.dll -> %System32%\Vcfidl32.dll -> Visual Components, Inc. [Ver = 2.00.02 | Size = 1115136 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
Vcfiwz32.dll -> %System32%\Vcfiwz32.dll -> Visual Components, Inc. [Ver = 2.00.02 | Size = 566784 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vcl50.bpl -> %System32%\vcl50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 2023424 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vclbde50.bpl -> %System32%\vclbde50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 300032 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vcldb50.bpl -> %System32%\vcldb50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 558080 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vcldbx50.bpl -> %System32%\vcldbx50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 85504 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vclib50.bpl -> %System32%\vclib50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 374272 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vclide50.bpl -> %System32%\vclide50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 863232 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vclsmp50.bpl -> %System32%\vclsmp50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 66048 bytes | Created Date = 10/03/2007 14:13:25 | Attr = ]
vclx50.bpl -> %System32%\vclx50.bpl -> Inprise Corporation [Ver = 5.0.6.18 | Size = 248832 bytes | Created Date = 10/03/2007 14:13:24 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 14/03/2007 09:31:51 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 11/03/2007 22:54:14 | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 12/02/2007 21:02:31 | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 734 bytes | Created Date = 11/03/2007 22:54:44 | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Created Date = 11/03/2007 22:54:44 | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 12/02/2007 21:02:46 | Attr = H ]
Adobe Systems -> %AllUsersAppData%\Adobe Systems -> [Folder | Created Date = 15/01/2007 09:58:44 | Attr = ]
ISx44.tmp -> %AllUsersAppData%\ISx44.tmp -> [Ver = | Size = 0 bytes | Created Date = 04/03/2007 16:47:49 | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Created Date = 10/03/2007 14:03:34 | Attr = ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Created Date = 15/01/2007 11:01:51 | Attr = ]
EzySoft -> %UserAppData%\EzySoft -> [Folder | Created Date = 12/03/2007 09:55:22 | Attr = ]
Help -> %UserAppData%\Help -> [Folder | Created Date = 10/03/2007 14:15:30 | Attr = ]
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Created Date = 16/01/2007 22:52:58 | Attr = ]
OfficeUpdate12 -> %UserAppData%\OfficeUpdate12 -> [Folder | Created Date = 09/02/2007 23:01:29 | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 12/02/2007 21:21:22 | Attr = ]
WaverlyStreet -> %UserAppData%\WaverlyStreet -> [Folder | Created Date = 11/03/2007 20:05:02 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5120 bytes | Created Date = 16/01/2007 23:01:21 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Created Date = 10/03/2007 14:15:30 | Attr = ]
Adobe PDF -> %AllUsersDocuments%\Adobe PDF -> [Folder | Created Date = 15/01/2007 09:49:42 | Attr = ]
EzySoft -> %AllUsersDocuments%\EzySoft -> [Folder | Created Date = 12/03/2007 10:19:45 | Attr = ]
DataDVD.cdm -> %UserDocuments%\DataDVD.cdm -> [Ver = | Size = 289057 bytes | Created Date = 27/01/2007 21:48:47 | Attr = ]
DataDVDfeb.cdm -> %UserDocuments%\DataDVDfeb.cdm -> [Ver = | Size = 14317 bytes | Created Date = 08/02/2007 10:21:14 | Attr = ]
Dean Yeclaserve Conversations -> %UserDocuments%\Dean Yeclaserve Conversations -> [Folder | Created Date = 10/02/2007 22:59:45 | Attr = ]
EzySoft -> %UserDocuments%\EzySoft -> [Folder | Created Date = 11/03/2007 17:50:00 | Attr = ]
House in Spain General 07 -> %UserDocuments%\House in Spain General 07 -> [Folder | Created Date = 13/02/2007 10:00:51 | Attr = ]
instinvcbk2007.exe -> %UserDocuments%\instinvcbk2007.exe -> [Ver = | Size = 4538976 bytes | Created Date = 12/03/2007 09:51:44 | Attr = ]
Karens Files -> %UserDocuments%\Karens Files -> [Folder | Created Date = 17/01/2007 21:38:15 | Attr = ]
The DOG.doc -> %UserDocuments%\The DOG.doc -> [Ver = | Size = 26112 bytes | Created Date = 17/02/2007 18:30:15 | Attr = ]
Updater -> %UserDocuments%\Updater -> [Folder | Created Date = 15/01/2007 11:06:23 | Attr = ]
Adobe Acrobat 7.0 Professional.lnk -> %AllUsersDesktop%\Adobe Acrobat 7.0 Professional.lnk -> [Ver = | Size = 1810 bytes | Created Date = 23/01/2007 09:43:52 | Attr = ]
Businessware.lnk -> %AllUsersDesktop%\Businessware.lnk -> [Ver = | Size = 1728 bytes | Created Date = 17/02/2007 23:09:03 | Attr = ]
Trend Micro Anti-Spyware.lnk -> %AllUsersDesktop%\Trend Micro Anti-Spyware.lnk -> [Ver = | Size = 794 bytes | Created Date = 11/03/2007 22:54:24 | Attr = ]
Windows Live Messenger.lnk -> %AllUsersDesktop%\Windows Live Messenger.lnk -> [Ver = | Size = 1782 bytes | Created Date = 21/01/2007 21:03:54 | Attr = ]
3SWin.lnk -> %UserDesktop%\3SWin.lnk -> [Ver = | Size = 1719 bytes | Created Date = 10/03/2007 14:13:57 | Attr = ]
blbeta.exe -> %UserDesktop%\blbeta.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 899960 bytes | Created Date = 14/03/2007 09:46:45 | Attr = ]
cwshredder.exe -> %UserDesktop%\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 11/03/2007 22:47:03 | Attr = ]
Eusing Free Registry Cleaner.lnk -> %UserDesktop%\Eusing Free Registry Cleaner.lnk -> [Ver = | Size = 786 bytes | Created Date = 27/01/2007 17:45:53 | Attr = ]
Instant Invoice n CashBook 2007.lnk -> %UserDesktop%\Instant Invoice n CashBook 2007.lnk -> [Ver = | Size = 905 bytes | Created Date = 12/03/2007 09:54:35 | Attr = ]
Panda ActiveScan.lnk -> %UserDesktop%\Panda ActiveScan.lnk -> [Ver = | Size = 1336 bytes | Created Date = 14/03/2007 09:38:17 | Attr = ]
Proposal Invoice 2.2.lnk -> %UserDesktop%\Proposal Invoice 2.2.lnk -> [Ver = | Size = 721 bytes | Created Date = 11/03/2007 20:05:04 | Attr = ]
Shortcut to HijackThis.lnk -> %UserDesktop%\Shortcut to HijackThis.lnk -> [Ver = | Size = 768 bytes | Created Date = 14/03/2007 09:58:19 | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 15/03/2007 10:37:27 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 347122 bytes | Created Date = 15/03/2007 10:23:37 | Attr = ]
Trend Micro Anti-Spyware.lnk -> %UserStartup%\Trend Micro Anti-Spyware.lnk -> [Ver = | Size = 828 bytes | Created Date = 11/03/2007 22:54:24 | Attr = ]
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 15/01/2007 09:48:11 | Attr = ]
Borland Shared -> %CommonProgramFiles%\Borland Shared -> [Folder | Created Date = 17/02/2007 23:08:00 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 12/02/2007 19:45:17 | Attr = ]
[Files/Folders - Modified Within 60 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 14/03/2007 19:30:38 | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 08/03/2007 07:40:02 | Attr = ]
Ezy-Data -> %SystemDrive%\Ezy-Data -> [Folder | Modified Date = 10/03/2007 23:38:58 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063374848 bytes | Modified Date = 15/03/2007 10:12:56 | Attr = HS]
I386 -> %SystemDrive%\I386 -> [Folder | Modified Date = 14/03/2007 19:31:46 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/03/2007 22:54:12 | Attr = R ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Modified Date = 17/01/2007 19:36:44 | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 17/01/2007 19:37:08 | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 29/01/2007 19:59:44 | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 31/01/2007 15:05:16 | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 01/02/2007 12:40:10 | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 03/02/2007 21:25:46 | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 05/02/2007 08:37:06 | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 05/02/2007 21:24:22 | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Modified Date = 10/02/2007 16:05:54 | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 17/01/2007 19:36:42 | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 17/01/2007 19:37:08 | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 29/01/2007 19:59:44 | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 31/01/2007 15:05:16 | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 01/02/2007 12:40:10 | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 03/02/2007 21:25:46 | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/02/2007 08:37:06 | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 05/02/2007 21:24:22 | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/02/2007 16:05:54 | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 14/03/2007 09:24:54 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 15/03/2007 10:17:56 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 14/03/2007 09:10:10 | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 16/02/2007 03:29:34 | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 16/02/2007 03:37:08 | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 12/02/2007 21:15:24 | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 16/02/2007 03:36:16 | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 16/02/2007 03:45:32 | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 16/02/2007 03:45:04 | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 16/02/2007 03:41:32 | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 16/02/2007 03:07:04 | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 14/03/2007 19:31:22 | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 14/03/2007 19:35:26 | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 16/02/2007 03:36:44 | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 12/02/2007 21:14:08 | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 12/02/2007 21:04:46 | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 12/02/2007 21:10:58 | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 12/02/2007 21:01:46 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 13/02/2007 08:56:00 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 15/03/2007 10:13:22 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 14/03/2007 19:32:52 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 02/03/2007 22:18:36 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 14/03/2007 09:30:36 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 15/01/2007 13:12:28 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/02/2007 21:11:34 | Attr = ]
hpqEmlSz.INI -> %SystemRoot%\hpqEmlSz.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/02/2007 15:57:42 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 16/02/2007 03:34:02 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 14/03/2007 19:32:10 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 14/03/2007 19:35:30 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 14/03/2007 19:30:40 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 15/03/2007 17:30:36 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 3589 bytes | Modified Date = 12/02/2007 20:18:12 | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 15/01/2007 12:34:48 | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 15/03/2007 17:19:42 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 15/03/2007 10:16:34 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 12/02/2007 21:21:24 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 15/03/2007 10:20:06 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 27/01/2007 17:45:00 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 15/03/2007 13:09:00 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 758 bytes | Modified Date = 14/03/2007 10:04:40 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 16/02/2007 03:37:20 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 12/02/2007 21:06:42 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 15/03/2007 10:14:44 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 14/03/2007 09:35:12 | Attr = ]
Adobe -> %System32%\Adobe -> [Folder | Modified Date = 15/01/2007 10:13:46 | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 13/02/2007 20:43:54 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 13/02/2007 20:45:46 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 15/03/2007 01:18:30 | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 19/01/2007 00:45:50 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 14/03/2007 19:35:28 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/03/2007 22:54:16 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 10/02/2007 11:41:02 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 16/02/2007 03:35:42 | Attr = ]
eRLog.ini -> %System32%\eRLog.ini -> [Ver = | Size = 450 bytes | Modified Date = 15/03/2007 10:20:20 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 309192 bytes | Modified Date = 28/01/2007 09:42:06 | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 02/03/2007 21:55:10 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 14/03/2007 09:38:58 | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 12/02/2007 21:02:32 | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 13/02/2007 20:43:54 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 14/03/2007 09:38:58 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 54682 bytes | Modified Date = 16/02/2007 08:34:52 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 385164 bytes | Modified Date = 16/02/2007 08:34:52 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 443254 bytes | Modified Date = 16/02/2007 08:34:52 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 14/03/2007 09:24:54 | Attr = ]
sirenacm.dll -> %System32%\sirenacm.dll -> Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Modified Date = 19/01/2007 12:53:04 | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Modified Date = 19/02/2007 15:40:02 | Attr = ]
tmmute.ini -> %System32%\tmmute.ini -> [Ver = | Size = 2158 bytes | Modified Date = 11/03/2007 22:54:34 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 14/03/2007 09:38:58 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48883 bytes | Modified Date = 15/03/2007 10:16:38 | Attr = H ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 16/02/2007 08:34:54 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 13/02/2007 20:33:44 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 25/02/2007 09:21:08 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 25/02/2007 09:21:10 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 25/02/2007 09:21:08 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 15/03/2007 17:32:44 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 11/03/2007 22:54:14 | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 12/02/2007 21:06:02 | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 374 bytes | Modified Date = 15/03/2007 10:16:42 | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 734 bytes | Modified Date = 15/03/2007 17:26:42 | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Modified Date = 15/03/2007 17:32:44 | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 12/02/2007 21:02:48 | Attr = H ]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 15/01/2007 09:46:58 | Attr = ]
Adobe Systems -> %AllUsersAppData%\Adobe Systems -> [Folder | Modified Date = 15/01/2007 09:58:46 | Attr = ]
avg7 -> %AllUsersAppData%\avg7 -> [Folder | Modified Date = 15/03/2007 11:00:04 | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 15/03/2007 16:15:38 | Attr = ]
ISx44.tmp -> %AllUsersAppData%\ISx44.tmp -> [Ver = | Size = 0 bytes | Modified Date = 04/03/2007 16:47:50 | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 22/02/2007 07:31:16 | Attr = S]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 11/03/2007 23:43:18 | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Modified Date = 10/03/2007 14:03:36 | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 10/03/2007 11:52:24 | Attr = ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Modified Date = 30/01/2007 08:52:46 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 14/03/2007 08:58:54 | Attr = ]
EzySoft -> %UserAppData%\EzySoft -> [Folder | Modified Date = 12/03/2007 09:55:24 | Attr = ]
Help -> %UserAppData%\Help -> [Folder | Modified Date = 10/03/2007 14:15:32 | Attr = ]
Image Zone Express -> %UserAppData%\Image Zone Express -> [Folder | Modified Date = 14/02/2007 16:48:42 | Attr = ]
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Modified Date = 16/01/2007 22:53:00 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 12/03/2007 20:17:10 | Attr = S]
OfficeUpdate12 -> %UserAppData%\OfficeUpdate12 -> [Folder | Modified Date = 09/02/2007 23:01:44 | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 12/02/2007 21:21:24 | Attr = ]
WaverlyStreet -> %UserAppData%\WaverlyStreet -> [Folder | Modified Date = 11/03/2007 20:05:28 | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 15/01/2007 11:04:40 | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/03/2007 17:17:14 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5120 bytes | Modified Date = 10/03/2007 14:43:00 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 86592 bytes | Modified Date = 28/01/2007 09:47:58 | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 11/02/2007 10:38:54 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Modified Date = 10/03/2007 14:15:32 | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 16/02/2007 21:02:54 | Attr = ]
Adobe PDF -> %AllUsersDocuments%\Adobe PDF -> [Folder | Modified Date = 29/01/2007 21:51:34 | Attr = ]
EzySoft -> %AllUsersDocuments%\EzySoft -> [Folder | Modified Date = 12/03/2007 10:19:46 | Attr = ]
Computer Aids -> %UserDocuments%\Computer Aids -> [Folder | Modified Date = 14/03/2007 09:58:26 | Attr = ]
DataDVD.cdm -> %UserDocuments%\DataDVD.cdm -> [Ver = | Size = 289057 bytes | Modified Date = 27/01/2007 22:46:06 | Attr = ]
DataDVDfeb.cdm -> %UserDocuments%\DataDVDfeb.cdm -> [Ver = | Size = 14317 bytes | Modified Date = 08/02/2007 10:21:16 | Attr = ]
Dean Yeclaserve Conversations -> %UserDocuments%\Dean Yeclaserve Conversations -> [Folder | Modified Date = 10/02/2007 23:00:42 | Attr = ]
EzySoft -> %UserDocuments%\EzySoft -> [Folder | Modified Date = 12/03/2007 10:15:06 | Attr = ]
House in Spain General 07 -> %UserDocuments%\House in Spain General 07 -> [Folder | Modified Date = 24/02/2007 14:53:38 | Attr = ]
instinvcbk2007.exe -> %UserDocuments%\instinvcbk2007.exe -> [Ver = | Size = 4538976 bytes | Modified Date = 12/03/2007 09:52:36 | Attr = ]
Karens Files -> %UserDocuments%\Karens Files -> [Folder | Modified Date = 17/01/2007 21:38:42 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 04/03/2007 16:50:42 | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 09/02/2007 23:38:40 | Attr = ]
My Scans -> %UserDocuments%\My Scans -> [Folder | Modified Date = 02/03/2007 21:56:00 | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 642 bytes | Modified Date = 14/03/2007 15:05:40 | Attr = ]
Solar Sky -> %UserDocuments%\Solar Sky -> [Folder | Modified Date = 12/02/2007 15:51:56 | Attr = ]
Th