mile.dbsarticles.com 205.234.222.37
 * C&C Server: 205.234.222.37:2345
 * Server Password:
 * Username: XP-0642
 * Nickname: NEW-[DEU|00|P|85489]
 * Channel: #imb (Password: test)
 * Channeltopic: :.msn.stop|.msn.msg foto 😀 http://expensiveimages.com/image.php?=
 Registry Changes by all processes
 Create or Open 
 Changes  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “c:\IM35616.JPGwww.myspace.com.exe” = c:\IM35616.JPGwww.myspace.com.exe:*:Enabled:Firewall Administrating
 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “c:\IM35616.JPGwww.myspace.com.exe” = C:\WINDOWS\infocard.exe:*:Enabled:Firewall Administrating
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Firewall Administrating” = C:\WINDOWS\infocard.exe
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Firewall Administrating” = C:\WINDOWS\infocard.exe
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “Firewall Administrating” = C:\WINDOWS\infocard.exe
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier “Guid” = 5f31090b-d990-4e91-b16d-46121d0255aa
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier “BitNames” = Error Unusual Info Debug
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier “Guid” = 5f31090b-d990-4e91-b16d-46121d0255aa
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier “BitNames” = Error Unusual Info Debug
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier “Guid” = 8aefce96-4618-42ff-a057-3536aa78233e
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier “BitNames” = Error Unusual Info Debug
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr “Guid” = 710adbf0-ce88-40b4-a50d-231ada6593f0
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr “BitNames” = NAP_TRACE_BASE NAP_TRACE_NETSH
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier “Guid” = b0278a28-76f1-4e15-b1df-14b209a12613
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier “BitNames” = Error Unusual Info Debug
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “CompatibilityFlags” = [REG_DWORD, value: 00000000]
 HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d} “Enable” = [REG_DWORD, value: 00000001]
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “FullScreen” = no
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar “Locked” = [REG_DWORD, value: 00000001]
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping “{5067A26B-1337-4436-8AFE-EE169C2DA79F}” = [REG_DWORD, value: 00002002]
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping “NextId” = [REG_DWORD, value: 00002003]
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping “{77BF5300-1474-4EC7-9980-D32B190E9B07}” = [REG_DWORD, value: 00002003]
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping “NextId” = [REG_DWORD, value: 00002004]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier “Guid” = 5f31090b-d990-4e91-b16d-46121d0255aa
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier “BitNames” = Error Unusual Info Debug
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier “Guid” = 5f31090b-d990-4e91-b16d-46121d0255aa
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier “BitNames” = Error Unusual Info Debug
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier “Guid” = 8aefce96-4618-42ff-a057-3536aa78233e
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier “BitNames” = Error Unusual Info Debug
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr “Guid” = 710adbf0-ce88-40b4-a50d-231ada6593f0
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr “BitNames” = NAP_TRACE_BASE NAP_TRACE_NETSH
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent “Active” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent “ControlFlags” = [REG_DWORD, value: 00000001]
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier “Guid” = b0278a28-76f1-4e15-b1df-14b209a12613
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier “BitNames” = Error Unusual Info Debug
 Reads  HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter “Installed”
 HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
 HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “CurrentBuildNumber”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging Directory”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Log File Max Size”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Repository Directory”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “Enable Tracing”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “Tracing Level”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “PlumbIpsecPolicy”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ProcessID”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “EnablePrivateObjectHeap”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ContextLimit”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ObjectLimit”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “IdentifierLimit”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “1.exe”
 HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{871C5380-42A0-1069-A2EA-08002B30309D}InProcServer32 “”
 HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsIEXPLORE.EXE “”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedLow”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSetup “IExploreLastModifiedHigh”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}TypeLib “”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{B722BCCB-4E68-101B-A2BC-00AA00404770}ProxyStubClsid32 “”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}ProxyStubClsid32 “”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{000214E6-0000-0000-C000-000000000046}ProxyStubClsid32 “”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}ProxyStubClsid32 “”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “CompatibilityFlags”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew Windows “DetourDialogs”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Window_Min_Width”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Window_Min_Height”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File”
 HKEY_CURRENT_USERSoftwareMicrosoftCTF “Disable Thread Input Manager”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerTabbedBrowsing “QuickTabsThreshold”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerTabbedBrowsing “Enabled”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbar “Locked”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerTabbedBrowsing “ActivityMeterTimerInterval”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerTabbedBrowsing “ActivityMeterDisable”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer “SpecifyDefaultButtons”
 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer “SpecifyDefaultButtons”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLinksExplorer “Docked”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility “DisableAppCompat”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{50D5107A-D278-4871-8989-F4CEAAF59CFC}InProcServer32 “”
 HKEY_CURRENT_USERSoftwareMicrosoftCTFTIP{1188450c-fdab-47ae-80d8-c9633f71be64}LanguageProfile x00000000{63800dac-e7ca-4df9-9a5c-20765055488d} “Enable”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryItem{5130A009-5540-4FCF-97EB-AAD33FC0EE09} “Description”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryItem{7AE86BB7-262C-431E-9111-C974B6B7CAC3} “Description”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryItem{C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04} “Description”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{750fdf0e-2a26-11d1-a3ea-080036587f03}InProcServer32 “”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Window_Placement”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “FullScreen”
 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAutoComplete “AlwaysDropUp”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAutoCompleteClient “”
 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAutoComplete “Append Completion”
 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAutoComplete “AutoSuggest”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes “Version”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “SearchMigrated”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “SearchMigratedInstalled”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “SearchMigratedDefaultName”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchUrl “provider”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes “DefaultScope”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} “SortIndex”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} “DisplayName”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} “URL”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} “Codepage”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsUrl History “DaysToKeep”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSecurityP3Global “Enabled”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “StatusBarWeb”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Enable Browser Extensions”
 HKEY_LOCAL_MACHINESOFTWARESkypePhone “SkypePath”
 HKEY_CURRENT_USERSoftwareSkypePhoneUI “Version”
 HKEY_CURRENT_USERSoftwareSkypePhoneUIGeneral “LastLanguage”
 HKEY_LOCAL_MACHINESOFTWARESkypeToolbarsInternet ExplorerPlugin “MSIfirstLaunch”
 HKEY_CURRENT_USERSoftwareSkypeToolbarsInternet ExplorerToolbar “needWelcome”
 HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}1.1  “win32”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9BA05972-F6A8-11CF-A442-00A0C90A8F39}InProcServer32 “”
 HKEY_CLASSES_ROOT “Interface{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}ProxyStubClsid32”
 HKEY_CLASSES_ROOT “Interface{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}Forward”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}TypeLib “”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}TypeLib “Version”
 HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}1.1 win32 “”
 HKEY_CLASSES_ROOT “Interface{85CB6900-4D95-11CF-960C-0080C7F4EE85}ProxyStubClsid32”
 HKEY_CLASSES_ROOT “Interface{85CB6900-4D95-11CF-960C-0080C7F4EE85}Forward”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{85CB6900-4D95-11CF-960C-0080C7F4EE85}TypeLib “”
 HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{00020430-0000-0000-C000-000000000046}2.0  “win32”
 HKEY_LOCAL_MACHINESOFTWAREClassesInterface{85CB6900-4D95-11CF-960C-0080C7F4EE85}TypeLib “Version”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpc “UDTAlignmentPolicy”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerTabbedBrowsing “LastSessionPages”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “AlwaysShowMenus”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbar “MenuUserExpanded”
 HKEY_CLASSES_ROOT “Interface{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}Forward”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{871C5380-42A0-1069-A2EA-08002B30309D}InProcServer32 “”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMainFeatureControlFEATURE_INTERNET_SHELL_FOLDERS “iexplore.exe”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet Connection Wizard “DisableICW”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet Connection Wizard “Completed”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “NoUpdateCheck”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftFeeds “UrlCacheVersion”
 HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{5F226421-415D-408D-9A09-0DCD94E25B48}1.0  “win32”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “clsid”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Icon”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Exec”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “Script”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuText”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuCustomize”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{5067A26B-1337-4436-8AFE-EE169C2DA79F} “MenuStatusBar”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{5067A26B-1337-4436-8AFE-EE169C2DA79F}”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “NextId”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “clsid”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Icon”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “ButtonText”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Exec”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Script”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “MenuText”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{77BF5300-1474-4EC7-9980-D32B190E9B07}”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{77BF5300-1474-4EC7-9980-D32B190E9B07} “Default Visible”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “clsid”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Icon”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Exec”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “Script”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuText”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuCustomize”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{e2e2dd38-d088-4134-82b7-f2ba38496583} “MenuStatusBar”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{e2e2dd38-d088-4134-82b7-f2ba38496583}”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “clsid”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Icon”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “ButtonText”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Exec”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Script”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuText”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuCustomize”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “MenuStatusBar”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLowRegistryExtensionsCmdMapping “{FB5F1910-F110-11d2-BB9E-00C04F795683}”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{FB5F1910-F110-11d2-BB9E-00C04F795683} “Default Visible”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesRatings “Key”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “No3DBorder”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer “No3DBorder”
 HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings “UrlEncoding”
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternational “AcceptLanguage”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
 HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “10”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “CurrentBuildNumber”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging Directory”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Log File Max Size”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
 HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Repository Directory”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “Enable Tracing”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “Tracing Level”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79617 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79618 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79619 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79620 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79621 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Friendly Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Description”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Enabled”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Vendor Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Info Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Config Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Validator Clsid”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Registration Date”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs79623 “Component Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentLocalConfig “PlumbIpsecPolicy”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ProcessID”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “EnablePrivateObjectHeap”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ContextLimit”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “ObjectLimit”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “IdentifierLimit”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “1.exe”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Sink Transmit Buffer Size”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “DefaultRpcStackSize”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “EnableObjectValidation”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Log File Max Size”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C}InprocServer32 “ThreadingModel”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C}InprocServer32 “Synchronization”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C}InprocServer32 “”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C} “”
 HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D63A5850-8F16-11CF-9F47-00AA00BF345C} “AppId”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionHotFixKB956572 “Installed”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOMSecuredHostProviders “ROOTCIMV2:__Win32Provider.Name=”CIMWin32″”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWBEMCIMOM “Logging Directory”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “ProductName”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSecurityProviders “SecurityProviders”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Comment”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Capabilities”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “RpcId”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsapsspc.dll “TokenSize”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Comment”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Capabilities”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “RpcId”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachedigest.dll “TokenSize”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Name”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Comment”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Capabilities”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “RpcId”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Version”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “Type”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsaSspiCachemsnsspc.dll “TokenSize”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlProductOptions “ProductSuite”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “ProductId”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “RegisteredOwner”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “RegisteredOrganization”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “Plus! ProductId”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “CurrentType”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion “InstallDate”
 HKEY_LOCAL_MACHINESYSTEMSetup “SystemPartition”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPriorityControl “Win32PrioritySeparation”
 HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerMemory Management “LargeSystemCache”
 HKEY_LOCAL_MACHINEHARDWAREDESCRIPTIONSystemCentralProcessor  “ProcessorNameString”
 HKEY_LOCAL_MACHINEHARDWAREDESCRIPTIONSystemCentralProcessor  “Identifier”
 “Counter”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “EventLogLevel”
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib “TotalInstanceName”
 HKEY_PERFORMANCE_DATA “238”
 Enums
 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent\Qecs
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP
 HKEY_CURRENT_USERSoftwareMicrosoftCTFTIP{1188450c-fdab-47ae-80d8-c9633f71be64}LanguageProfile
 HKEY_CURRENT_USERSoftwareMicrosoftCTFTIP{1188450c-fdab-47ae-80d8-c9633f71be64}LanguageProfile x00000000
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryCategory{B95F181B-EA4C-4AF1-8056-7C321ABBB091}
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}CategoryCategory{B95F181B-EA4C-4AF1-8056-7C321ABBB091}
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFTIP{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}CategoryCategory{534C48C1-0607-4098-A521-4FC899C73E90}
 HKEY_CURRENT_USERSoftwareMicrosoftCTFTIP{1188450c-fdab-47ae-80d8-c9633f71be64}
 HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes
 HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
 HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}1.1
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions
 HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesnapagentQecs
File Changes by all processes
 New Files
 \Device\Tcp
 \Device\Ip
 \Device\Ip
 C:\WINDOWS\infocard.exb
 C:\WINDOWS\infocard.exe
 C:\WINDOWS\infocard.exb
 \Device\Tcp
 \Device\Ip
 \Device\Ip
 \Device\RasAcd
 C:WINDOWSmdsys.s
 C:WINDOWSmdusys.s
 Opened Files  C:WINDOWSAppPatchsysmain.sdb
 C:WINDOWSAppPatchsystest.sdb
 DeviceNamedPipeShimViewer
 C:WINDOWSsystem32
 c:IM35616.JPGwww.myspace.com.exe
 C:WINDOWSAppPatchsysmain.sdb
 C:WINDOWSAppPatchsystest.sdb
 DeviceNamedPipeShimViewer
 C:WINDOWSsystem32
 .Ip
 C:WINDOWSAppPatchsysmain.sdb
 C:WINDOWSAppPatchsystest.sdb
 DeviceNamedPipeShimViewer
 C:WINDOWSsystem32
 C:WINDOWS
 C:WINDOWSRegistrationR000000000007.clb
 .PIPElsarpc
 1.exe
 C:WINDOWSAppPatchsysmain.sdb
 C:WINDOWSAppPatchsystest.sdb
 DeviceNamedPipeShimViewer
 C:WINDOWSsystem32
 C:WINDOWSinfocard.exe
 .WMIDataDevice
 C:WINDOWSsystem32ieframe.dll
 .PIPElsarpc
 C:WINDOWSAppPatchsysmain.sdb
 C:WINDOWSAppPatchsystest.sdb
 DeviceNamedPipeShimViewer
 C:WINDOWSsystem32
 C:ProgrammeInternet ExplorerIEXPLORE.EXE
 .PIPElsarpc
 C:WINDOWSsystem32de-DEIEFRAME.dll.mui
 C:WINDOWSsystem32msimtf.dll
 C:WINDOWSRegistrationR000000000007.clb
 C:WINDOWSSystem32cscui.dll
 .shadow
 C:WINDOWSsystem32de-DEieframe.dll.mui
 C:WINDOWSsystem32ieframe.dll
 C:WINDOWSsystem32stdole2.tlb
 C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelper.dll
 C:WINDOWSsystem32xpsp3res.dll
 .Ip
 C:WINDOWSAppPatchsysmain.sdb
 C:WINDOWSAppPatchsystest.sdb
 DeviceNamedPipeShimViewer
 C:WINDOWSsystem32
 .PIPElsarpc
 c:autoexec.bat
 .PIPEROUTER
 C:WINDOWSinfocard.exe
 C:WINDOWSRegistrationR000000000007.clb
 .PIPElsarpc
 1.exe
 .PIPElsarpc
 .pipePIPE_EVENTROOT/CIMV2PROVIDERSUBSYSTEM
 C:WINDOWSRegistrationR000000000007.clb
 C:WINDOWSREPAIRSETUP.LOG
 .PIPEwkssvc
 .PIPEsrvsvc
 Deleted Files
 C:\WINDOWS\infocard.exe
 C:\WINDOWS\infocard.exb
 Chronological Order
 Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
 Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
 Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
 Open File: C:\WINDOWS\system32 ()
 Find File: C:\WINDOWS\system32\net.exe
 Open File: c:IM35616.JPGwww.myspace.com.exe (OPEN_EXISTING)
 Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
 Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
 Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
 Open File: C:\WINDOWS\system32 ()
 Find File: C:\WINDOWS\system32\net1.exe
 Create/Open File: \Device\Tcp (OPEN_ALWAYS)
 Create/Open File: \Device\Ip (OPEN_ALWAYS)
 Create/Open File: \Device\Ip (OPEN_ALWAYS)
 Open File: \\.\Ip (OPEN_EXISTING)
 Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
 Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
 Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
 Open File: C:\WINDOWS\system32 ()
 Find File: C:\WINDOWS\system32\netsh.exe
 Get File Attributes: C:WINDOWSinfocard.exe Flags: (SECURITY_ANONYMOUS)
 Copy File: c:IM35616.JPGwww.myspace.com.exe to C:WINDOWSinfocard.exb
 Set File Attributes: C:\WINDOWS\infocard.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
 Set File Attributes: C:\WINDOWS\infocard.exb Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
 Delete File: C:\WINDOWS\infocard.exe
 Create File: C:\WINDOWS\infocard.exe
 Create/Open File: C:\WINDOWS\infocard.exb (OPEN_ALWAYS)
 Delete File: C:\WINDOWS\infocard.exb
 Set File Attributes: c:IM35616.JPGwww.myspace.com.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
 Set File Attributes: C:\WINDOWS\infocard.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
 Open File: C:\WINDOWS ()
 Find File: C:\WINDOWS\infocard.exe
 Find File: C:\WINDOWS\explorer.exe
 Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
 Get File Attributes: C:WINDOWSsystem32WBEMLogs Flags: (SECURITY_ANONYMOUS)
 Open File: .PIPElsarpc (OPEN_EXISTING)
 Open File: 1.exe (OPEN_EXISTING)
 Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
 Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
 Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
 Open File: C:WINDOWSsystem32 ()
 Find File: C:WINDOWSsystem32net.exe
 Open File: C:WINDOWSinfocard.exe (OPEN_EXISTING)
 Open File: .WMIDataDevice (OPEN_EXISTING)
 Open File: C:WINDOWSsystem32ieframe.dll (OPEN_EXISTING)
 Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
 Open File: .PIPElsarpc (OPEN_EXISTING)
 Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
 Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
 Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
 Open File: C:WINDOWSsystem32 ()
 Find File: C:WINDOWSsystem32net1.exe
 Open File: C:ProgrammeInternet ExplorerIEXPLORE.EXE (OPEN_EXISTING)
 Open File: .PIPElsarpc (OPEN_EXISTING)
 Open File: C:WINDOWSsystem32de-DEIEFRAME.dll.mui (OPEN_EXISTING)
 Open File: C:WINDOWSsystem32msimtf.dll (OPEN_EXISTING)
 Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
 Open File: C:WINDOWSSystem32cscui.dll (OPEN_EXISTING)
 Open File: .shadow (OPEN_EXISTING)
 Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSsystem32de-DEieframe.dll.mui (OPEN_EXISTING)
 Get File Attributes: C:ProgrammeSkypePhoneSkype.exe Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSsystem32ieframe.dll (OPEN_EXISTING)
 Open File: C:WINDOWSsystem32stdole2.tlb (OPEN_EXISTING)
 Get File Attributes: C:Dokumente und EinstellungenAdministratorFavoritendesktop.ini Flags: (SECURITY_ANONYMOUS)
 Open File: C:ProgrammeGemeinsame DateienAdobeAcrobatActiveXAcroIEHelper.dll (OPEN_EXISTING)
 Get File Attributes: C:ProgrammeSkypeToolbarsInternet Explorerfavicon.ico Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSsystem32xpsp3res.dll (OPEN_EXISTING)
 Get File Attributes: C:ProgrammeMessengermsmsgs.exe Flags: (SECURITY_ANONYMOUS)
 Create/Open File: DeviceTcp (OPEN_ALWAYS)
 Create/Open File: DeviceIp (OPEN_ALWAYS)
 Create/Open File: DeviceIp (OPEN_ALWAYS)
 Open File: .Ip (OPEN_EXISTING)
 Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
 Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
 Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
 Open File: C:WINDOWSsystem32 ()
 Find File: C:WINDOWSsystem32netsh.exe
 Set File Attributes: C:WINDOWSinfocard.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
 Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
 Open File: .PIPElsarpc (OPEN_EXISTING)
 Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
 Open File: c:autoexec.bat (OPEN_EXISTING)
 Find File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
 Find File: C:\WINDOWS\system32\Ras\*.pbk
 Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
 Find File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
 Open File: C:WINDOWSinfocard.exe (OPEN_EXISTING)
 Set File Attributes: C:WINDOWSmdsys.s Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
 Create/Open File: C:WINDOWSmdsys.s (OPEN_ALWAYS)
 Set File Attributes: C:WINDOWSmdusys.s Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
 Create/Open File: C:WINDOWSmdusys.s (OPEN_ALWAYS)
 Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
 Get File Attributes: C:WINDOWSsystem32WBEMLogs Flags: (SECURITY_ANONYMOUS)
 Open File: .PIPElsarpc (OPEN_EXISTING)
 Open File: 1.exe (OPEN_EXISTING)
 Open File: .PIPElsarpc (OPEN_EXISTING)
 Open File: .pipePIPE_EVENTROOT/CIMV2PROVIDERSUBSYSTEM (OPEN_EXISTING)
 Get File Attributes: C:WINDOWSRegistration Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSRegistrationR000000000007.clb (OPEN_EXISTING)
 Get File Attributes: C:WINDOWSsystem32WBEMLogs Flags: (SECURITY_ANONYMOUS)
 Get File Attributes: C:WINDOWS Flags: (SECURITY_ANONYMOUS)
 Open File: C:WINDOWSREPAIRSETUP.LOG ()
 Open File: .PIPEwkssvc (OPEN_EXISTING)
 Open File: .PIPEsrvsvc (OPEN_EXISTING)