by unbri » August 29th, 2006, 9:30 pm
Actually I tried the gpedit thing and that worked... but I put the cmd prompt and other thing to disabled and they work now... only problem is System Restore is still disabled... so I ran the WinPFind2 thing and here is the log:
Logfile created on: 08/29/2006 21:28
WinPFind2 by OldTimer - Version 1.0.7 Folder = C:\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2900.2180)
[Start Post #1]
Processes
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
#Full Path
##(Version Info)
aim.exe------------------001640-----0008----------001752-----Normal---------
#c:\program files\aim\aim.exe
##(America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Date = 08/05/2005 15:08 | Attr = ])
ati2evxx.exe-------------001048-----0004----------000836-----Normal---------
#c:\windows\system32\ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Date = 02/09/2006 20:51 | Attr = ])
avgamsvr.exe-------------001892-----0009----------000836-----Normal---------
#c:\progra~1\grisoft\avg7\avgamsvr.exe
##(GRISOFT, s.r.o. [Ver = 7,1,0,364 | Size = 330291 bytes | Date = 08/18/2006 23:31 | Attr = ])
avgupsvc.exe-------------001920-----0003----------000836-----Normal---------
#c:\progra~1\grisoft\avg7\avgupsvc.exe
##(GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 39987 bytes | Date = 08/18/2006 23:31 | Attr = ])
btengine.exe-------------002884-----0002----------001752-----Normal---------
#c:\program files\bt engine\btengine.exe
##( [Ver = | Size = 2129408 bytes | Date = 06/05/2006 12:43 | Attr = ])
ctdetect.exe-------------003492-----0005----------001752-----Normal---------
#c:\program files\creative\mediasource\detector\ctdetect.exe
##(Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Date = 12/02/2004 18:23 | Attr = ])
ctsvccda.exe-------------001940-----0002----------000836-----Normal---------
#c:\windows\system32\ctsvccda.exe
##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/12/1999 21:01 | Attr = ])
dlactrlw.exe-------------001120-----0003----------001752-----Normal---------
#c:\windows\system32\dla\dlactrlw.exe
##(Sonic Solutions [Ver = 5.20.12a | Size = 122940 bytes | Date = 11/07/2005 05:20 | Attr = ])
guard.exe----------------000228-----0008----------000836-----Normal---------
#c:\program files\ewido anti-spyware 4.0\guard.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 10:38 | Attr = ])
integrator.exe-----------003652-----0001----------003596-----Normal---------
#c:\windows\integrator.exe
##(Dachshund Software [Ver = 1.05.0001 | Size = 151552 bytes | Date = 01/15/2003 11:46 | Attr = ])
issch.exe----------------001256-----0001----------001752-----Normal---------
#c:\program files\common files\installshield\updateservice\issch.exe
##(InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Date = 07/27/2004 16:50 | Attr = ])
nmbgmonitor.exe----------002164-----0006----------001752-----Normal---------
#c:\program files\common files\ahead\lib\nmbgmonitor.exe
##(Nero AG [Ver = 1, 2, 0, 13 | Size = 94208 bytes | Date = 06/01/2006 13:32 | Attr = ])
spysweeper.exe-----------000556-----0022----------000836-----Normal---------
#c:\program files\webroot\spy sweeper\spysweeper.exe
##(Webroot Software, Inc. [Ver = 3,0,5,1286 | Size = 3063808 bytes | Date = 07/07/2006 17:16 | Attr = ])
utorrent.exe-------------001716-----0005----------001752-----Normal---------
#c:\program files\utorrent\utorrent.exe
##( [Ver = | Size = 174163 bytes | Date = 08/16/2006 23:43 | Attr = ])
winpfind2.exe------------003412-----0001----------001752-----Normal---------
#c:\winpfind2\winpfind2.exe
##(OldTimer Tools [Ver = 1.0.7.0 | Size = 386048 bytes | Date = 08/21/2006 20:39 | Attr = ])
Registry Entries
#Value
##(Version Info)
<<< >> Internet Explorer Settings << >>>
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
##
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Page
#http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
##
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Search
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#C:\windows\system32\blank.htm
##
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://www.msn.com/
##
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.google.com
##
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#
##
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
#0
##
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride
#
##
<<< >> BHO's << >>>
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
#Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
##(Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Date = 01/12/2006 20:38 | Attr = ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
# = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
##(Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Date = 05/31/2005 01:04 | Attr = ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
#DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
##(Sonic Solutions [Ver = 5.20.12a | Size = 110652 bytes | Date = 11/07/2005 05:20 | Attr = ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
#SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 434279 bytes | Date = 05/03/2006 03:14 | Attr = ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
#Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
##(Microsoft Corporation [Ver = 4.000.248.1 | Size = 323904 bytes | Date = 04/17/2006 13:32 | Attr = ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
#Google Toolbar Helper = c:\program files\google\googletoolbar3.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
#CPub Object = C:\Program Files\FireTrust\SiteHound\SiteHound.dll
##(Firetrust Limited. [Ver = 1.4.1 | Size = 1335296 bytes | Date = 03/08/2006 09:10 | Attr = ])
<<< >> Internet Explorer Bars, Toolbars and Extensions << >>>
<<< HKLM-> Internet Explorer Bars >>>
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
#&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1497088 bytes | Date = 06/23/2006 07:25 | Attr = ])
<<< HKLM-> Internet Explorer ToolBars >>>
HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar3.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{73F7F495-A325-4C52-BE48-5F97FA511E89}
#SiteHound = C:\Program Files\FireTrust\SiteHound\SiteHound.dll
##(Firetrust Limited. [Ver = 1.4.1 | Size = 1335296 bytes | Date = 03/08/2006 09:10 | Attr = ])
<<< HKCU-> Internet Explorer ToolBars >>>
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 07:25 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
#&Links = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar3.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 07:25 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
#&Links = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar3.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
#&Yahoo! Toolbar = Reg Data missing or invalid
##(File not found)
<<< HKCU-> Internet Explorer CmdMapping >>>
HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#8194 - Sun Java Console
##
HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#8195 -
##
HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
#8193 -
##
HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683}
#8192 - Windows Messenger
##
HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
#8196
##
<<< HKLM-> Internet Explorer Extensions >>>
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
##(Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Date = 05/03/2006 03:14 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 434279 bytes | Date = 05/03/2006 03:14 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{11316B13-33F0-4C9F-BD55-09994CCFA8EB}
#MenuText: = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{11316B13-33F0-4C9F-BD55-09994CCFA8EB}
#MenuText: = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#ButtonText: Research =
##(File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
#ButtonText: AIM = C:\Program Files\AIM\aim.exe
##(America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Date = 08/05/2005 15:08 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
#ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe
##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 12:24 | Attr = ])
<<< HKCU-> Internet Explorer Menu Extensions >>>
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Google Search
#res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word
#res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Backward Links
#res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page
#res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
#res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
##(Microsoft Corporation [Ver = 12.0.4017.1004 | Size = 15715600 bytes | Date = 04/30/2006 13:45 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages
#res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English
#res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])
<<< >> Approved Shell Extensions (Non-Microsoft only) << >>>
<<< HKLM-> Approved Shell Extensions >>>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
#Autoplay for SlideShow = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
#Taskbar and Start Menu = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32020A01-506E-484D-A2A8-BE3CF17601C3}
#AlcoholShellEx = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}
#Display Panning CPL Extension = deskpan.dll
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CA3D70E-1895-11CF-8E15-001234567890}
#DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
##(Sonic Solutions [Ver = 5.20.12a | Size = 110652 bytes | Date = 11/07/2005 05:20 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56}
#Shell extensions for file compression = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153}
#User Accounts = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C9D5882-CB4A-4090-96C8-430BFE8B795B}
#Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
##(Webroot Software, Inc. [Ver = 5,0,5,1286 | Size = 218112 bytes | Date = 07/07/2006 17:16 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F1CF152-04F8-453A-B34C-E609530A9DC8}
#NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11/15/2005 12:07 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
#Encryption Context Menu = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}
#HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll
##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
#AVG7 Shell Extension = C:\Program Files\Grisoft\AVG7\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7,0,0,337 | Size = 29743 bytes | Date = 08/18/2006 23:31 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
#AVG7 Find Extension = C:\Program Files\Grisoft\AVG7\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7,0,0,337 | Size = 29743 bytes | Date = 08/18/2006 23:31 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B327765E-D724-4347-8B16-78AE18552FC3}
#NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11/15/2005 12:07 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
#WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 04/18/2006 18:15 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8323370-FF27-11D2-97B6-204C4F4F5020}
#SmartFTP Shell Extension DLL = C:\Program Files\SmartFTP Client 2.0\smarthook.dll
##(SmartFTP [Ver = 1.0.2.1 | Size = 73392 bytes | Date = 01/05/2006 19:58 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
#iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll
##(Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 102400 bytes | Date = 06/14/2006 16:35 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF05BB6E-442C-428B-8025-82280B7BC26C}
#Zen Micro Media Explorer = C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
##(Creative Technology Ltd [Ver = 4.0.27.0 | Size = 1052672 bytes | Date = 02/06/2005 09:19 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0BD38EB-C8EC-11D2-B274-B493B003B125}
#East-Tec Eraser Context Menu Shell Extension = C:\PROGRA~1\EAST-T~1\eteshell.dll
##( [Ver = | Size = 421888 bytes | Date = 12/16/2005 00:40 | Attr = ])
<<< >> ContextMenuHandlers (Non-Microsoft only) << >>>
<<< HKLM-> ContextMenuHandlers >>>
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
# = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
##(Nero AG [Ver = 2, 2, 7, 0 | Size = 73728 bytes | Date = 06/08/2006 20:29 | Attr = ])
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
#{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7,0,0,337 | Size = 29743 bytes | Date = 08/18/2006 23:31 | Attr = ])
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\East-TecEraser
#{E0BD38EB-C8EC-11D2-B274-B493B003B125} = C:\PROGRA~1\EAST-T~1\eteshell.dll
##( [Ver = | Size = 421888 bytes | Date = 12/16/2005 00:40 | Attr = ])
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ewido anti-spyware
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 10:38 | Attr = ])
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\PandoShellExt
#{9C150845-2A2D-44CC-90B3-AA03480AA3D2} = C:\Program Files\Pando Networks\Pando\PandoShellExt.dll
##(TODO: <Company name> [Ver = 1.0.0.1 | Size = 57344 bytes | Date = 06/13/2006 15:24 | Attr = ])
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 04/18/2006 18:15 | Attr = ])
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SpySweeper
#{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
##(Webroot Software, Inc. [Ver = 5,0,5,1286 | Size = 218112 bytes | Date = 07/07/2006 17:16 | Attr = ])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 10:38 | Attr = ])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PandoShellExt
#{9C150845-2A2D-44CC-90B3-AA03480AA3D2} = C:\Program Files\Pando Networks\Pando\PandoShellExt.dll
##(TODO: <Company name> [Ver = 1.0.0.1 | Size = 57344 bytes | Date = 06/13/2006 15:24 | Attr = ])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 04/18/2006 18:15 | Attr = ])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
# = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
##(Nero AG [Ver = 2, 2, 7, 0 | Size = 73728 bytes | Date = 06/08/2006 20:29 | Attr = ])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
#{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7,0,0,337 | Size = 29743 bytes | Date = 08/18/2006 23:31 | Attr = ])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\East-TecEraser
#{E0BD38EB-C8EC-11D2-B274-B493B003B125} = C:\PROGRA~1\EAST-T~1\eteshell.dll
##( [Ver = | Size = 421888 bytes | Date = 12/16/2005 00:40 | Attr = ])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
#{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
##(Webroot Software, Inc. [Ver = 5,0,5,1286 | Size = 218112 bytes | Date = 07/07/2006 17:16 | Attr = ])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 04/18/2006 18:15 | Attr = ])
<<< >> ColumnHandlers (Non-Microsoft only) << >>>
<<< HKLM-> ColumnHandlers >>>
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
#NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11/15/2005 12:07 | Attr = ])
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
#PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
##(Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 12/14/2004 02:20 | Attr = ])
<<< >> Registry Run Keys << >>>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\!ewido
#"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 6283264 bytes | Date = 06/16/2006 10:39 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ATIPTA
#"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
##(ATI Technologies, Inc. [Ver = 6.14.10.5183 | Size = 344064 bytes | Date = 02/09/2006 21:05 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC
#"C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
##(GRISOFT, s.r.o. [Ver = 7,1,0,404 | Size = 358447 bytes | Date = 08/18/2006 23:31 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DLA
#C:\WINDOWS\System32\DLA\DLACTRLW.EXE
##(Sonic Solutions [Ver = 5.20.12a | Size = 122940 bytes | Date = 11/07/2005 05:20 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup
#"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
##(InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Date = 07/27/2004 16:50 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler
#"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
##(InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Date = 07/27/2004 16:50 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck
#"C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
##(Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Date = 01/12/2006 16:40 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpySweeper
#"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
##(Webroot Software, Inc. [Ver = 5,0,5,1286 | Size = 3871744 bytes | Date = 07/07/2006 17:16 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\µTorrent
#"C:\Program Files\utorrent\utorrent.exe"
##( [Ver = | Size = 174163 bytes | Date = 08/16/2006 23:43 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AIM
#"C:\Program Files\AIM\aim.exe" -cnetwait.odl
##(America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Date = 08/05/2005 15:08 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
#"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
##(Nero AG [Ver = 1, 2, 0, 13 | Size = 94208 bytes | Date = 06/01/2006 13:32 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Creative Detector
#"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
##(Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Date = 12/02/2004 18:23 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe
#C:\WINDOWS\system32\ctfmon.exe
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS
#"C:\Program Files\Messenger\msmsgs.exe" /background
##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 12:24 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msnmsgr
#"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
##(Microsoft Corporation [Ver = 8.0.0792.00 | Size = 5324584 bytes | Date = 06/16/2006 14:38 | Attr = ])
#
##
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
#C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
##(Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Date = 09/23/2005 22:05 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
#C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
##( [Ver = | Size = 84 bytes | Date = 07/16/2006 14:42 | Attr = HS])
C:\Documents and Settings\Unbrix\Start Menu\Programs\Startup\Adobe Gamma.lnk
#C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
##(Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Date = 03/16/2005 19:16 | Attr = ])
C:\Documents and Settings\Unbrix\Start Menu\Programs\Startup\AntiCrash.lnk
#C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
##( [Ver = | Size = 2301798 bytes | Date = 12/17/2002 12:00 | Attr = ])
C:\Documents and Settings\Unbrix\Start Menu\Programs\Startup\desktop.ini
#C:\Documents and Settings\Unbrix\Start Menu\Programs\Startup\desktop.ini
##( [Ver = | Size = 84 bytes | Date = 07/16/2006 14:42 | Attr = HS])
C:\Documents and Settings\Unbrix\Start Menu\Programs\Startup\Hare.lnk
#C:\Program Files\Dachshund Software\Hare\Hare.exe
##( [Ver = | Size = 1874381 bytes | Date = 09/21/2002 12:26 | Attr = ])
<<< >> Disabled MSConfig Items << >>>
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AIM
#aim = C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
##(File not found)
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DellSupport
#DSAgnt = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
##(Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 05/15/2005 02:04 | Attr = ])
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ehTray
#ehtray = C:\WINDOWS\ehome\ehtray.exe
##(Microsoft Corporation [Ver = 5.1.2710.2732 (xpsp(wmbla).050805-1239) | Size = 64512 bytes | Date = 08/05/2005 13:56 | Attr = ])
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SigmatelSysTrayApp
#stsystra = stsystra.exe
##(SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Date = 03/22/2005 17:20 | Attr = ])
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched
#jusched = C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
##(Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 36975 bytes | Date = 05/03/2006 02:56 | Attr = ])
<<< >> User Agent Post Platform << >>>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1
#
##
<<< >> AppInit DLLs << >>>
<<< >> Image File Execution Options << >>>
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
#Debugger = ntsd -d
##
<<< >> Shell Service Object Delay Load << >>>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient
#{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} = Reg Data missing or invalid
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
#{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
#{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
#{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
#{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/10/2004 07:00 | Attr = ])
<<< >> Shell Execute Hooks << >>>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
#CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/16/2006 10:38 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
#URL Exec Hook = shell32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])
<<< >> Shared Task Scheduler << >>>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
#Browseui preloader = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 07:25 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
#Component Categories cache daemon = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 07:25 | Attr = ])
<<< >> Winlogon << >>>
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
#C:\WINDOWS\system32\userinit.exe,
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
#explorer.exe
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
#
##(File not found)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
#crypt32.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
#cryptnet.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
#cscdll.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
#sclgntfy.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
#WlNotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
#WgaLogon.dll
##(Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 06/19/2006 16:20 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
#WRLogonNTF.dll
##(Webroot Software, Inc. [Ver = 3,0,5,1286 | Size = 208896 bytes | Date = 07/07/2006 17:16 | Attr = ])
<<< >> DNS Name Servers << >>>
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1910EF38-D2DB-4288-960E-265148A163F1}
#192.168.1.1 (Intel(R) PRO/1000 PL Network Connection)
##
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5EFD61F-77B9-465B-84B2-FF813CEF2674}
# (Realtek RTL8139 Family PCI Fast Ethernet NIC)
##
<<< >> All Winsock2 Catalogs << >>>
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
#%SystemRoot%\System32\winrnr.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])
<<< >> Protocol Handlers (Non-Microsoft only) << >>>
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
#
##(File not found)
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
#
##(File not found)
<<< >> Protocol Filters (Non-Microsoft only) << >>>
[Start Post #2]
Services
Name--Internal Name--Startup Type--State--Service Type--
#Path
##(Version Info)
Ati HotKey Poller--Ati HotKey Poller--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\Ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Date = 02/09/2006 20:51 | Attr = ])
AVG7 Alert Manager Server--Avg7Alrt--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
##(GRISOFT, s.r.o. [Ver = 7,1,0,364 | Size = 330291 bytes | Date = 08/18/2006 23:31 | Attr = ])
AVG7 Update Service--Avg7UpdSvc--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
##(GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 39987 bytes | Date = 08/18/2006 23:31 | Attr = ])
Creative Service for CDROM Access--Creative Service for CDROM Access--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\CTsvcCDA.EXE
##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/12/1999 21:01 | Attr = ])
ewido anti-spyware 4.0 guard--ewido anti-spyware 4.0 guard--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\ewido anti-spyware 4.0\guard.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 10:38 | Attr = ])
Network Location Awareness (NLA)--Nla----Running--Win32, running in a shared process--
#\SystemRoot\C:\WINDOWS\system32\svchost.exe -k netsvcs
##(File not found)
System Event Notification--SENS----Running--Win32, running in a shared process--
#\SystemRoot\C:\WINDOWS\system32\svchost.exe -k netsvcs
##(File not found)
Webroot Spy Sweeper Engine--WebrootSpySweeperService--Automatic--Running--Win32, running in it's own process--
#"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
##(Webroot Software, Inc. [Ver = 3,0,5,1286 | Size = 3063808 bytes | Date = 07/07/2006 17:16 | Attr = ])
Files
Full Path
#Details
%SystemDrive%
#
%ProgramFilesDir%
#
%WinDir%
#
%System%
#
C:\WINDOWS\SYSTEM32\avisynth.dll
#UPX! (The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Date = 10/07/2005 13:14 | Attr = ])
C:\WINDOWS\SYSTEM32\dfrg.msc
#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213( [Ver = | Size = 41397 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\DivX.dll
#PEC2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 17:40 | Attr = ])
C:\WINDOWS\SYSTEM32\DivX.dll
#PECompact2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 17:40 | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
#RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe
#(PeCompact2) (Microsoft Corporation [Ver = 1.19.1565.0 | Size = 8255912 bytes | Date = 08/02/2006 21:22 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe
#(ASPack) (Microsoft Corporation [Ver = 1.19.1565.0 | Size = 8255912 bytes | Date = 08/02/2006 21:22 | Attr = ])
C:\WINDOWS\SYSTEM32\nmap.exe
#Unexpected probespec2ascii type encountered( [Ver = 4.X | Size = 452096 bytes | Date = 06/23/2006 21:38 | Attr = ])
C:\WINDOWS\SYSTEM32\ntbackup.exe
#VWSuD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll
#.aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl
#Pln``pmlidb_[ZYWSUdxa\^`^Tsfbeffhjol(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll
#\DuMonitor SendMessage(WM_RASEVENT) done(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\SrchSTS.exe
#UPX! (S!Ri [Ver = | Size = 288417 bytes | Date = 04/27/2006 17:49 | Attr = ])
C:\WINDOWS\SYSTEM32\swreg.exe
#UPX! ( [Ver = | Size = 42496 bytes | Date = 01/09/2006 10:36 | Attr = ])
C:\WINDOWS\SYSTEM32\swsc.exe
#UPX! ( [Ver = | Size = 40960 bytes | Date = 01/09/2006 10:36 | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu
#msubjsuchsullsupeswinsyncszens( [Ver = | Size = 1309184 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\WgaTray.exe
#RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])
%System%\Drivers folder and sub-folders
#
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#error finding UPX! header(GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#FSG!u.h (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#pec2-ext.exe (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#;PE_ASPACK (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])
%windir% + sub-dirs for System or Hidden files less than 60 days old
#
C:\WINDOWS\a3kebook.ini
# ( [Ver = | Size = 4 bytes | Date = 07/24/2006 15:12 | Attr = H ])
C:\WINDOWS\akebook.ini
# ( [Ver = | Size = 20 bytes | Date = 07/24/2006 15:12 | Attr = H ])
C:\WINDOWS\bootstat.dat
# ( [Ver = | Size = 2048 bytes | Date = 08/29/2006 14:10 | Attr = S])
C:\WINDOWS\WindowsShell.Manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\wininf.dat
# ( [Ver = | Size = 314 bytes | Date = 08/28/2006 20:27 | Attr = H ])
C:\WINDOWS\winshell.dat
# ( [Ver = | Size = 199 bytes | Date = 08/29/2006 20:44 | Attr = H ])
C:\WINDOWS\assembly\Desktop.ini
# ( [Ver = | Size = 227 bytes | Date = 07/16/2006 14:38 | Attr = RHS])
C:\WINDOWS\assembly\PublisherPolicy.tme
# ( [Ver = | Size = 0 bytes | Date = 07/17/2006 13:14 | Attr = RH ])
C:\WINDOWS\assembly\pubpol14.dat
# ( [Ver = | Size = 0 bytes | Date = 07/17/2006 13:14 | Attr = RH ])
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
# ( [Ver = | Size = 0 bytes | Date = 07/18/2006 17:42 | Attr = RH ])
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1d.dat
# ( [Ver = | Size = 0 bytes | Date = 07/18/2006 17:43 | Attr = RH ])
C:\WINDOWS\CSC\00000001
# ( [Ver = | Size = 64 bytes | Date = 07/18/2006 17:34 | Attr = S])
C:\WINDOWS\CSC\00000002
# ( [Ver = | Size = 64 bytes | Date = 07/18/2006 17:22 | Attr = S])
C:\WINDOWS\Downloaded Program Files\desktop.ini
# ( [Ver = | Size = 65 bytes | Date = 07/16/2006 14:40 | Attr = H ])
C:\WINDOWS\Fonts\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:41 | Attr = HS])
C:\WINDOWS\Help\update.GID
# ( [Ver = | Size = 10820 bytes | Date = 08/23/2006 22:44 | Attr = H ])
C:\WINDOWS\inf\oem1.inf
# ( [Ver = | Size = 0 bytes | Date = 07/16/2006 14:47 | Attr = H ])
C:\WINDOWS\Offline Web Pages\desktop.ini
# ( [Ver = | Size = 65 bytes | Date = 07/16/2006 14:40 | Attr = H ])
C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
# ( [Ver = | Size = 727 bytes | Date = 07/16/2006 14:41 | Attr = RHS])
C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
# ( [Ver = | Size = 19854 bytes | Date = 07/16/2006 14:41 | Attr = RHS])
C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
# ( [Ver = | Size = 244933 bytes | Date = 07/16/2006 14:41 | Attr = RHS])
C:\WINDOWS\repair\ntuser.dat
# ( [Ver = | Size = 229376 bytes | Date = 07/16/2006 14:42 | Attr = H ])
C:\WINDOWS\system32\cdplayer.exe.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\system32\logonui.exe.manifest
# ( [Ver = | Size = 488 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\system32\ncpa.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\system32\nwc.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\system32\sapi.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\system32\WindowsLogon.manifest
# ( [Ver = | Size = 488 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\system32\wuaucpl.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/05/2006 08:21 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
# ( [Ver = | Size = 23751 bytes | Date = 07/28/2006 08:16 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
# ( [Ver = | Size = 10337 bytes | Date = 07/27/2006 10:00 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/21/2006 05:03 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
# ( [Ver = | Size = 13050 bytes | Date = 07/13/2006 10:24 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 12:13 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 11:53 | Attr = S])
C:\WINDOWS\system32\config\default.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 14:14 | Attr = H ])
C:\WINDOWS\system32\config\SAM.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 14:10 | Attr = H ])
C:\WINDOWS\system32\config\SECURITY.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 15:10 | Attr = H ])
C:\WINDOWS\system32\config\software.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 21:23 | Attr = H ])
C:\WINDOWS\system32\config\system.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 21:11 | Attr = H ])
C:\WINDOWS\system32\config\TempKey.LOG
# ( [Ver = | Size = 1024 bytes | Date = 07/16/2006 10:31 | Attr = H ])
C:\WINDOWS\system32\config\userdiff.LOG
# ( [Ver = | Size = 1024 bytes | Date = 07/16/2006 10:31 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/08/2006 15:22 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 07/16/2006 10:32 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
# ( [Ver = | Size = 341 bytes | Date = 07/26/2006 22:23 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
# ( [Ver = | Size = 688 bytes | Date = 07/16/2006 14:41 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
# ( [Ver = | Size = 413 bytes | Date = 07/26/2006 22:23 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
# ( [Ver = | Size = 574 bytes | Date = 07/26/2006 22:23 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
# ( [Ver = | Size = 558 bytes | Date = 07/28/2006 19:52 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
# ( [Ver = | Size = 558 bytes | Date = 07/16/2006 14:55 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
# ( [Ver = | Size = 70226 bytes | Date = 07/16/2006 14:41 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
# ( [Ver = | Size = 126 bytes | Date = 07/26/2006 22:23 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
# ( [Ver = | Size = 94 bytes | Date = 07/16/2006 14:41 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
# ( [Ver = | Size = 98 bytes | Date = 07/26/2006 22:23 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
# ( [Ver = | Size = 136 bytes | Date = 07/26/2006 22:23 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
# ( [Ver = | Size = 146 bytes | Date = 07/28/2006 19:52 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
# ( [Ver = | Size = 144 bytes | Date = 07/16/2006 14:55 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
# ( [Ver = | Size = 128 bytes | Date = 07/16/2006 14:41 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 07/16/2006 10:32 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
# ( [Ver = | Size = 113 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
# ( [Ver = | Size = 113 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\34HI1ZUP\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3MTLMKOS\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BR7KUDW9\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VTFGBUPN\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
# ( [Ver = | Size = 181 bytes | Date = 07/16/2006 14:41 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 07/16/2006 10:32 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
# ( [Ver = | Size = 148 bytes | Date = 07/16/2006 14:42 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
# ( [Ver = | Size = 482 bytes | Date = 07/16/2006 14:42 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
# ( [Ver = | Size = 348 bytes | Date = 07/16/2006 14:42 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
# ( [Ver = | Size = 84 bytes | Date = 07/16/2006 14:42 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
# ( [Ver = | Size = 84 bytes | Date = 07/16/2006 14:42 | Attr = HS])
C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini
# ( [Ver = | Size = 81 bytes | Date = 08/18/2006 18:28 | Attr = H ])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\84ef8e7a-4b84-44c5-97f9-bc5b3d50cc51
# ( [Ver = | Size = 388 bytes | Date = 07/16/2006 16:09 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
# ( [Ver = | Size = 24 bytes | Date = 07/16/2006 16:09 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\774edf4d-1c13-4366-9762-7b3e6b337aa2
# ( [Ver = | Size = 388 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
# ( [Ver = | Size = 24 bytes | Date = 07/16/2006 14:46 | Attr = HS])
C:\WINDOWS\Tasks\SA.DAT
# ( [Ver = | Size = 6 bytes | Date = 08/29/2006 14:10 | Attr = H ])
CPL files
#
C:\WINDOWS\SYSTEM32\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\ISUSPM.cpl
# (InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 73728 bytes | Date = 07/27/2004 16:50 | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl
# (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl
# (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 49265 bytes | Date = 05/03/2006 02:56 | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\nwc.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\stac97.cpl
# (SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 159825 bytes | Date = 11/16/2005 15:35 | Attr = ])
C:\WINDOWS\SYSTEM32\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/10/2004 07:00 | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl
# (Microsoft Corporation