Installation Report: winupdate65418721[1]
Generated by InCtrl5, version 1.0.0.0
Install program:
C:\Documents and
Settings\WMFINN\Skrivebord\Virusfiler\horseserver\winupdate65418721[1].exe
2-4-2005 6:04 PM
Contents
Registry
Keys ignored: 0
Keys added: 58
- HKEY_CURRENT_USER\Software\Microsoft\MSSTSL
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050131
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005020420050205
- HKEY_CURRENT_USER\Software\Visio RAS Script
- HKEY_CURRENT_USER\Software\WebSiteViewer
- HKEY_CURRENT_USER\Software\WebSiteViewer\Settings
- HKEY_CLASSES_ROOT\BHO.Explorer
- HKEY_CLASSES_ROOT\BHO.Explorer\CLSID
- HKEY_CLASSES_ROOT\BHO.Explorer\CurVer
- HKEY_CLASSES_ROOT\BHO.Explorer.1
- HKEY_CLASSES_ROOT\BHO.Explorer.1\CLSID
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\InprocServer32
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\ProgID
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\Programmable
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\TypeLib
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\VersionIndependentProgID
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}\ProxyStubClsid
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}\TypeLib
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0\0
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0\0\win32
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0\FLAGS
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0\HELPDIR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MDS
Search Booster
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\drct16
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Security
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Security
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Security
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VFILT
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Security
Keys deleted: 3
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050125
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012520050126
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012620050127
Values added: 125
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "conc"
- Type: REG_DWORD
- Data: D1, AA, 03, 42
- HKEY_CURRENT_USER\Software\Microsoft\MSSTSL "aid"
- Type: REG_BINARY
- Data: اددد¾
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Start_ShowNetConn_ShouldShow"
- Type: REG_DWORD
- Data: 42, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050131
"CacheLimit"
- Type: REG_DWORD
- Data: 00, 20, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050131
"CacheOptions"
- Type: REG_DWORD
- Data: 0B, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050131
"CachePath"
- Type: REG_EXPAND_SZ
- Data: %USERPROFILE%\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012420050131\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050131
"CachePrefix"
- Type: REG_SZ
- Data: :2005012420050131:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050131
"CacheRepair"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005020420050205
"CacheLimit"
- Type: REG_DWORD
- Data: 00, 20, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005020420050205
"CacheOptions"
- Type: REG_DWORD
- Data: 0B, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005020420050205
"CachePath"
- Type: REG_EXPAND_SZ
- Data: %USERPROFILE%\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005020420050205\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005020420050205
"CachePrefix"
- Type: REG_SZ
- Data: :2005020420050205:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005020420050205
"CacheRepair"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\DOCUME~1\WMFINN\LOKALE~1\Temp\tmp13.tmp"
- Type: REG_SZ
- Data: tmp13
- HKEY_CURRENT_USER\Software\Visio RAS Script "mkc"
- Type: REG_SZ
- Data:
cGF5cz1maQ0KdGVsPTAwODgyMTM4ODE3MjQNCm5hYj1vdHBmMQ0KcHJpeD1JbnRlcm5hdGlvbm5hbCByYXRlDQpkdXJlZT0zNTQwMDAwDQplZGl0PSszMzQ1NjU4OTQwMA==
- HKEY_CURRENT_USER\Software\Visio RAS Script "nbint"
- Type: REG_SZ
- Data: 0
- HKEY_CURRENT_USER\Software\WebSiteViewer\Settings "country"
- Type: REG_SZ
- Data: 45
- HKEY_CURRENT_USER\Software\WebSiteViewer\Settings "lang"
- Type: REG_SZ
- Data:
- HKEY_CURRENT_USER\Software\WebSiteViewer\Settings "lc"
- Type: REG_SZ
- Data: 6
- HKEY_CLASSES_ROOT\BHO.Explorer "(Default)"
- Type: REG_SZ
- Data: Explorer Class
- HKEY_CLASSES_ROOT\BHO.Explorer\CLSID "(Default)"
- Type: REG_SZ
- Data: {962F12AE-2773-4BEB-99EA-B5C3AB9A6606}
- HKEY_CLASSES_ROOT\BHO.Explorer\CurVer "(Default)"
- Type: REG_SZ
- Data: BHO.Explorer.1
- HKEY_CLASSES_ROOT\BHO.Explorer.1 "(Default)"
- Type: REG_SZ
- Data: Explorer Class
- HKEY_CLASSES_ROOT\BHO.Explorer.1\CLSID "(Default)"
- Type: REG_SZ
- Data: {962F12AE-2773-4BEB-99EA-B5C3AB9A6606}
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}
"(Default)"
- Type: REG_SZ
- Data: Explorer Class
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\InprocServer32
"(Default)"
- Type: REG_SZ
- Data: C:\WINDOWS\System32\DSMANA~1.DLL
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\InprocServer32
"ThreadingModel"
- Type: REG_SZ
- Data: Apartment
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\ProgID
"(Default)"
- Type: REG_SZ
- Data: BHO.Explorer.1
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\TypeLib
"(Default)"
- Type: REG_SZ
- Data: {90164B42-3C67-4D81-BED6-8845D9DAA79C}
- HKEY_CLASSES_ROOT\CLSID\{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}\VersionIndependentProgID
"(Default)"
- Type: REG_SZ
- Data: BHO.Explorer
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}
"(Default)"
- Type: REG_SZ
- Data: IExplorer
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}\ProxyStubClsid
"(Default)"
- Type: REG_SZ
- Data: {00020424-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}\ProxyStubClsid32
"(Default)"
- Type: REG_SZ
- Data: {00020424-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}\TypeLib
"(Default)"
- Type: REG_SZ
- Data: {90164B42-3C67-4D81-BED6-8845D9DAA79C}
- HKEY_CLASSES_ROOT\Interface\{4BFF19A6-300B-4A7A-9C7F-0CE8A14E2889}\TypeLib
"Version"
- Type: REG_SZ
- Data: 1.0
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0
"(Default)"
- Type: REG_SZ
- Data: BHO 1.0 Type Library
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0\0\win32
"(Default)"
- Type: REG_SZ
- Data: C:\WINDOWS\System32\dsmanager.dll
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0\FLAGS
"(Default)"
- Type: REG_SZ
- Data: 0
- HKEY_CLASSES_ROOT\TypeLib\{90164B42-3C67-4D81-BED6-8845D9DAA79C}\1.0\HELPDIR
"(Default)"
- Type: REG_SZ
- Data: C:\WINDOWS\System32\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MDS
Search Booster "DisplayName"
- Type: REG_SZ
- Data: MDS Search Booster
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MDS
Search Booster "UninstallString"
- Type: REG_SZ
- Data: C:\DOCUME~1\WMFINN\LOKALE~1\Temp\tmp12.tmp
/uninstall
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
"hws"
- Type: REG_DWORD
- Data: DC, 04, 00, 00
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\drct16 "Asynchronous"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\drct16 "DllName"
- Type: REG_EXPAND_SZ
- Data: drct16.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\drct16 "Impersonate"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\drct16 "MaxWait"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\drct16 "Startup"
- Type: REG_SZ
- Data: MeMessager
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control "Impersonate"
- Type: REG_SZ
- Data: [35533799932811792691]
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control "StackSize"
- Type: REG_SZ
- Data: 4:2
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory
Management "EnforceWriteProtection"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
"Class"
- Type: REG_SZ
- Data: LegacyDriver
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
"ClassGUID"
- Type: REG_SZ
- Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
"ConfigFlags"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
"DeviceDesc"
- Type: REG_SZ
- Data: VIRTwin
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
"Legacy"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
"Service"
- Type: REG_SZ
- Data: vdmt16
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Control
"*NewlyCreated*"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Control
"ActiveService"
- Type: REG_SZ
- Data: vdmt16
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
"Class"
- Type: REG_SZ
- Data: LegacyDriver
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
"ClassGUID"
- Type: REG_SZ
- Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
"ConfigFlags"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
"DeviceDesc"
- Type: REG_SZ
- Data: SCNDmem
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
"Legacy"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
"Service"
- Type: REG_SZ
- Data: winlow
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Control
"*NewlyCreated*"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Control
"ActiveService"
- Type: REG_SZ
- Data: winlow
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
"DisplayName"
- Type: REG_SZ
- Data: VIRTwin
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
"ErrorControl"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16 "ImagePath"
- Type: REG_EXPAND_SZ
- Data: \??\C:\WINDOWS\System32\vdmt16.sys
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16 "Start"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16 "Type"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum "0"
- Type: REG_SZ
- Data: Root\LEGACY_VDMT16\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum
"Count"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Security
"Security"
- Type: REG_BINARY
- Data: 01, 00, 14, 80, 90, 00, 00, 00, 9C, 00, 00, 00, 14, 00, 00,
00, 30, 00, 00, 00, 02, 00, 1C, 00, 01, 00, 00, 00, 02, 80, 14, 00, FF, 01,
0F, 00, 01, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 02, 00, 60, 00, 04,
00, 00, 00, 00, 00, 14, 00, FD, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05,
12, 00, 00, 00, 00, 00, 18, 00, FF, 01, 0F, 00, 01, 02, 00, 00, 00, 00, 00,
05, 20, 00, 00, 00, 20, 02, 00, 00, 00, 00, 14, 00, 8D, 01, 02, 00, 01, 01,
00, 00, 00, 00, 00, 05, 0B, 00, 00, 00, 00, 00, 18, 00, FD, 01, 02, 00, 01,
02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 23, 02, 00, 00, 01, 01, 00, 00,
00, 00, 00, 05, 12, 00, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00,
00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
"DisplayName"
- Type: REG_SZ
- Data: SCNDmem
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
"ErrorControl"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow "ImagePath"
- Type: REG_EXPAND_SZ
- Data: \??\C:\WINDOWS\System32\winlow.sys
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow "Start"
- Type: REG_DWORD
- Data: 02, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow "Type"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum "0"
- Type: REG_SZ
- Data: Root\LEGACY_WINLOW\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum
"Count"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Security
"Security"
- Type: REG_BINARY
- Data: 01, 00, 14, 80, 90, 00, 00, 00, 9C, 00, 00, 00, 14, 00, 00,
00, 30, 00, 00, 00, 02, 00, 1C, 00, 01, 00, 00, 00, 02, 80, 14, 00, FF, 01,
0F, 00, 01, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 02, 00, 60, 00, 04,
00, 00, 00, 00, 00, 14, 00, FD, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05,
12, 00, 00, 00, 00, 00, 18, 00, FF, 01, 0F, 00, 01, 02, 00, 00, 00, 00, 00,
05, 20, 00, 00, 00, 20, 02, 00, 00, 00, 00, 14, 00, 8D, 01, 02, 00, 01, 01,
00, 00, 00, 00, 00, 05, 0B, 00, 00, 00, 00, 00, 18, 00, FD, 01, 02, 00, 01,
02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 23, 02, 00, 00, 01, 01, 00, 00,
00, 00, 00, 05, 12, 00, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00,
00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control "Impersonate"
- Type: REG_SZ
- Data: [35533799932811792691]
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control "StackSize"
- Type: REG_SZ
- Data: 4:2
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management "EnforceWriteProtection"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
"Class"
- Type: REG_SZ
- Data: LegacyDriver
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
"ClassGUID"
- Type: REG_SZ
- Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
"ConfigFlags"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
"DeviceDesc"
- Type: REG_SZ
- Data: VIRTwin
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
"Legacy"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
"Service"
- Type: REG_SZ
- Data: vdmt16
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Control
"*NewlyCreated*"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Control
"ActiveService"
- Type: REG_SZ
- Data: vdmt16
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
"Class"
- Type: REG_SZ
- Data: LegacyDriver
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
"ClassGUID"
- Type: REG_SZ
- Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
"ConfigFlags"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
"DeviceDesc"
- Type: REG_SZ
- Data: SCNDmem
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
"Legacy"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
"Service"
- Type: REG_SZ
- Data: winlow
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Control
"*NewlyCreated*"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Control
"ActiveService"
- Type: REG_SZ
- Data: winlow
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
"DisplayName"
- Type: REG_SZ
- Data: VIRTwin
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
"ErrorControl"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
"ImagePath"
- Type: REG_EXPAND_SZ
- Data: \??\C:\WINDOWS\System32\vdmt16.sys
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16 "Start"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16 "Type"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum
"0"
- Type: REG_SZ
- Data: Root\LEGACY_VDMT16\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum
"Count"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Security
"Security"
- Type: REG_BINARY
- Data: 01, 00, 14, 80, 90, 00, 00, 00, 9C, 00, 00, 00, 14, 00, 00,
00, 30, 00, 00, 00, 02, 00, 1C, 00, 01, 00, 00, 00, 02, 80, 14, 00, FF, 01,
0F, 00, 01, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 02, 00, 60, 00, 04,
00, 00, 00, 00, 00, 14, 00, FD, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05,
12, 00, 00, 00, 00, 00, 18, 00, FF, 01, 0F, 00, 01, 02, 00, 00, 00, 00, 00,
05, 20, 00, 00, 00, 20, 02, 00, 00, 00, 00, 14, 00, 8D, 01, 02, 00, 01, 01,
00, 00, 00, 00, 00, 05, 0B, 00, 00, 00, 00, 00, 18, 00, FD, 01, 02, 00, 01,
02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 23, 02, 00, 00, 01, 01, 00, 00,
00, 00, 00, 05, 12, 00, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00,
00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
"DisplayName"
- Type: REG_SZ
- Data: SCNDmem
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
"ErrorControl"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
"ImagePath"
- Type: REG_EXPAND_SZ
- Data: \??\C:\WINDOWS\System32\winlow.sys
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow "Start"
- Type: REG_DWORD
- Data: 02, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow "Type"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum
"0"
- Type: REG_SZ
- Data: Root\LEGACY_WINLOW\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum
"Count"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum
"NextInstance"
- Type: REG_DWORD
- Data: 01, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Security
"Security"
- Type: REG_BINARY
- Data: 01, 00, 14, 80, 90, 00, 00, 00, 9C, 00, 00, 00, 14, 00, 00,
00, 30, 00, 00, 00, 02, 00, 1C, 00, 01, 00, 00, 00, 02, 80, 14, 00, FF, 01,
0F, 00, 01, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 02, 00, 60, 00, 04,
00, 00, 00, 00, 00, 14, 00, FD, 01, 02, 00, 01, 01, 00, 00, 00, 00, 00, 05,
12, 00, 00, 00, 00, 00, 18, 00, FF, 01, 0F, 00, 01, 02, 00, 00, 00, 00, 00,
05, 20, 00, 00, 00, 20, 02, 00, 00, 00, 00, 14, 00, 8D, 01, 02, 00, 01, 01,
00, 00, 00, 00, 00, 05, 0B, 00, 00, 00, 00, 00, 18, 00, FD, 01, 02, 00, 01,
02, 00, 00, 00, 00, 00, 05, 20, 00, 00, 00, 23, 02, 00, 00, 01, 01, 00, 00,
00, 00, 00, 05, 12, 00, 00, 00, 01, 01, 00, 00, 00, 00, 00, 05, 12, 00, 00,
00
Values deleted: 17
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050125
"CacheLimit"
- Type: REG_DWORD
- Data: 00, 20, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050125
"CacheOptions"
- Type: REG_DWORD
- Data: 0B, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050125
"CachePath"
- Type: REG_EXPAND_SZ
- Data: %USERPROFILE%\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012420050125\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050125
"CachePrefix"
- Type: REG_SZ
- Data: :2005012420050125:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012420050125
"CacheRepair"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012520050126
"CacheLimit"
- Type: REG_DWORD
- Data: 00, 20, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012520050126
"CacheOptions"
- Type: REG_DWORD
- Data: 0B, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012520050126
"CachePath"
- Type: REG_EXPAND_SZ
- Data: %USERPROFILE%\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012520050126\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012520050126
"CachePrefix"
- Type: REG_SZ
- Data: :2005012520050126:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012520050126
"CacheRepair"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012620050127
"CacheLimit"
- Type: REG_DWORD
- Data: 00, 20, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012620050127
"CacheOptions"
- Type: REG_DWORD
- Data: 0B, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012620050127
"CachePath"
- Type: REG_EXPAND_SZ
- Data: %USERPROFILE%\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012620050127\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012620050127
"CachePrefix"
- Type: REG_SZ
- Data: :2005012620050127:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\MSHist012005012620050127
"CacheRepair"
- Type: REG_DWORD
- Data: 00, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess
"Start"
- Type: REG_DWORD
- Data: 02, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
"Start"
- Type: REG_DWORD
- Data: 02, 00, 00, 00
Values changed: 23
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections "SavedLegacySettings"
- Old type: REG_BINARY
- New type: REG_BINARY
- Old data: 3C, 00, 00, 00, 10, 00, 00, 00, 01, 00, 00, 00, 00, 00,
00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, B0,
08, D3, 36, 01, 02, C5, 01, 01, 00, 00, 00, C0, A8, 49, 80, 00, 00, 00, 00,
00, 00, 00, 00
- New data: 3C, 00, 00, 00, 14, 00, 00, 00, 01, 00, 00, 00, 00, 00,
00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, B0,
08, D3, 36, 01, 02, C5, 01, 01, 00, 00, 00, C0, A8, 49, 80, 00, 00, 00, 00,
00, 00, 00, 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU
"MRUListEx"
- Old type: REG_BINARY
- New type: REG_BINARY
- Old data: 07, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, 01, 00,
00, 00, 06, 00, 00, 00, 04, 00, 00, 00, 05, 00, 00, 00, 03, 00, 00, 00, FF,
FF, FF, FF
- New data: 00, 00, 00, 00, 07, 00, 00, 00, 02, 00, 00, 00, 01, 00,
00, 00, 06, 00, 00, 00, 04, 00, 00, 00, 05, 00, 00, 00, 03, 00, 00, 00, FF,
FF, FF, FF
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed"
- Old type: REG_BINARY
- New type: REG_BINARY
- Old data: 51, AA, DF, B1, 35, A9, 58, 3B, 4E, EF, CF, 7F, 69, 0A,
BE, 7A, CB, 67, 33, 91, 11, A5, FE, F4, 32, 94, 43, 03, 3A, 33, 73, 69, FB,
DC, F3, 49, E9, E7, 41, DD, B7, 32, A9, 8F, BA, 37, 79, 2A, 75, 55, 1C, 20,
5E, 8E, 88, E4, 7A, 6D, 60, A4, 11, 5E, 9D, CB, 93, 94, FE, CF, 24, 4D, EE,
03, 1C, BB, 6D, 1A, 5B, 4B, B4, 00
- New data: 8C, 78, FF, 8D, BB, B2, 5F, 04, BB, 53, BA, 84, 24, 80,
E6, 91, B3, 81, 3F, 3E, A4, 1D, 63, 82, CF, 19, 2D, AD, B3, 79, CC, 0D, 44,
23, B5, A3, 43, E9, 56, CE, 40, 29, 0C, DC, B9, 25, 9A, 58, EA, CD, 4C, 31,
53, 96, EC, 2E, 6B, AF, 2D, 06, 3C, 9E, 4E, B4, 47, EA, 6A, 6F, 74, 3A, C0,
D4, 01, 01, 64, D2, C7, 33, C8, AE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
"ID"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 4C, 83, 7D, 3B
- New data: 46, 53, 47, 21
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
"Name"
- Old type: REG_SZ
- New type: REG_SZ
- Old data: IEXPLORE.EXE
- New data: mszx23.exe
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"LeaseObtainedTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 03, BC, F7, 41
- New data: DC, AA, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"LeaseTerminatesTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 0B, C3, F7, 41
- New data: E4, B1, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"T1"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 87, BF, F7, 41
- New data: 60, AE, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"T2"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 2A, C2, F7, 41
- New data: 03, B1, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters
"{ABB311AF-7406-4C48-80FD-0001C02D122B}"
- Old type: REG_BINARY
- New type: REG_BINARY
- Old data: 2C, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, 0B, C3, F7, 41, C0, A8, 49, 02, 06, 00, 00, 00, 00, 00, 00, 00, 04,
00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, C0, A8, 49, 02, 03, 00, 00, 00,
00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, C0, A8, 49,
02, 0F, 00, 00, 00, 00, 00, 00, 00, 0B, 00, 00, 00, 00, 00, 00, 00, 0B, C3,
F7, 41, 6C, 6F, 63, 61, 6C, 64, 6F, 6D, 61, 69, 6E, 00, 01, 00, 00, 00, 00,
00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, FF, FF, FF, 00,
33, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 0B, C3, F7,
41, 00, 00, 07, 08, 36, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, 0B, C3, F7, 41, C0, A8, 49, FE, 35, 00, 00, 00, 00, 00, 00, 00, 01,
00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, 05, 00, 00, 00
- New data: 2C, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, E4, B1, 03, 42, C0, A8, 49, 02, 06, 00, 00, 00, 00, 00, 00, 00, 04,
00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, C0, A8, 49, 02, 03, 00, 00, 00,
00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, C0, A8, 49,
02, 0F, 00, 00, 00, 00, 00, 00, 00, 0B, 00, 00, 00, 00, 00, 00, 00, E4, B1,
03, 42, 6C, 6F, 63, 61, 6C, 64, 6F, 6D, 61, 69, 6E, 00, 01, 00, 00, 00, 00,
00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, FF, FF, FF, 00,
33, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, E4, B1, 03,
42, 00, 00, 07, 08, 36, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, E4, B1, 03, 42, C0, A8, 49, FE, 35, 00, 00, 00, 00, 00, 00, 00, 01,
00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, 05, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"LeaseObtainedTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 03, BC, F7, 41
- New data: DC, AA, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"LeaseTerminatesTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 0B, C3, F7, 41
- New data: E4, B1, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"T1"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 87, BF, F7, 41
- New data: 60, AE, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"T2"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 2A, C2, F7, 41
- New data: 03, B1, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"LeaseObtainedTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 03, BC, F7, 41
- New data: DC, AA, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"LeaseTerminatesTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 0B, C3, F7, 41
- New data: E4, B1, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"T1"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 87, BF, F7, 41
- New data: 60, AE, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{ABB311AF-7406-4C48-80FD-0001C02D122B}\Parameters\Tcpip
"T2"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 2A, C2, F7, 41
- New data: 03, B1, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
"{ABB311AF-7406-4C48-80FD-0001C02D122B}"
- Old type: REG_BINARY
- New type: REG_BINARY
- Old data: 2C, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, 0B, C3, F7, 41, C0, A8, 49, 02, 06, 00, 00, 00, 00, 00, 00, 00, 04,
00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, C0, A8, 49, 02, 03, 00, 00, 00,
00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, C0, A8, 49,
02, 0F, 00, 00, 00, 00, 00, 00, 00, 0B, 00, 00, 00, 00, 00, 00, 00, 0B, C3,
F7, 41, 6C, 6F, 63, 61, 6C, 64, 6F, 6D, 61, 69, 6E, 00, 01, 00, 00, 00, 00,
00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, FF, FF, FF, 00,
33, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 0B, C3, F7,
41, 00, 00, 07, 08, 36, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, 0B, C3, F7, 41, C0, A8, 49, FE, 35, 00, 00, 00, 00, 00, 00, 00, 01,
00, 00, 00, 00, 00, 00, 00, 0B, C3, F7, 41, 05, 00, 00, 00
- New data: 2C, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, E4, B1, 03, 42, C0, A8, 49, 02, 06, 00, 00, 00, 00, 00, 00, 00, 04,
00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, C0, A8, 49, 02, 03, 00, 00, 00,
00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, C0, A8, 49,
02, 0F, 00, 00, 00, 00, 00, 00, 00, 0B, 00, 00, 00, 00, 00, 00, 00, E4, B1,
03, 42, 6C, 6F, 63, 61, 6C, 64, 6F, 6D, 61, 69, 6E, 00, 01, 00, 00, 00, 00,
00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, FF, FF, FF, 00,
33, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, E4, B1, 03,
42, 00, 00, 07, 08, 36, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00,
00, 00, E4, B1, 03, 42, C0, A8, 49, FE, 35, 00, 00, 00, 00, 00, 00, 00, 01,
00, 00, 00, 00, 00, 00, 00, E4, B1, 03, 42, 05, 00, 00, 00
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"LeaseObtainedTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 03, BC, F7, 41
- New data: DC, AA, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"LeaseTerminatesTime"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 0B, C3, F7, 41
- New data: E4, B1, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"T1"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 87, BF, F7, 41
- New data: 60, AE, 03, 42
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ABB311AF-7406-4C48-80FD-0001C02D122B}
"T2"
- Old type: REG_DWORD
- New type: REG_DWORD
- Old data: 2A, C2, F7, 41
- New data: 03, B1, 03, 42
To Contents
Disk contents
Drives tracked: 1
Folders added: 4
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012420050131
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005020420050205
- c:\Programmer\t
- c:\Programmer\WebSiteViewer
Folders deleted: 3
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012420050125
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012520050126
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012620050127
Files added: 38
- c:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Connections\Pbk\rasphone.pbk
- Date: 2-4-2005 6:03 PM
- Size: 0 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012420050131\index.dat
- Date: 2-4-2005 6:03 PM
- Size: 32.768 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005020420050205\index.dat
- Date: 2-4-2005 6:03 PM
- Size: 32.768 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Temp\temp25.exe
- Date: 2-4-2005 6:03 PM
- Size: 49.430 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Temp\tmp12.tmp
- Date: 2-4-2005 6:02 PM
- Size: 4.096 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Temp\tmp13.tmp
- Date: 2-4-2005 6:03 PM
- Size: 27.320 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Temp\tmp15.tmp
- Date: 2-4-2005 6:03 PM
- Size: 0 bytes
- c:\Documents and Settings\WMFINN\Lokale indstillinger\Temporary Internet
Files\Content.IE5\7OQESYBT\err4[1]
- Date: 2-4-2005 6:03 PM
- Size: 2.046 bytes
- c:\Documents and Settings\WMFINN\Lokale indstillinger\Temporary Internet
Files\Content.IE5\U9W1K70R\conf[1].htm
- Date: 2-4-2005 6:02 PM
- Size: 2 bytes
- c:\Documents and Settings\WMFINN\Lokale indstillinger\Temporary Internet
Files\Content.IE5\U9W1K70R\sbar[1].exe
- Date: 2-4-2005 6:02 PM
- Size: 73.592 bytes
- c:\Documents and Settings\WMFINN\Lokale indstillinger\Temporary Internet
Files\Content.IE5\YZABKL4J\BHO[1].dll
- Date: 2-4-2005 6:02 PM
- Size: 26.112 bytes
- c:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
- Date: 2-4-2005 6:04 PM
- Size: 4.822 bytes
- c:\WINDOWS\Prefetch\MSZX23.EXE-2D920F13.pf
- Date: 2-4-2005 6:04 PM
- Size: 16.106 bytes
- c:\WINDOWS\Prefetch\T.EXE-06CF2C22.pf
- Date: 2-4-2005 6:02 PM
- Size: 12.628 bytes
- c:\WINDOWS\Prefetch\TEMP25.EXE-02B59564.pf
- Date: 2-4-2005 6:04 PM
- Size: 14.554 bytes
- c:\WINDOWS\Prefetch\TMP10.TMP-17EA8969.pf
- Date: 2-4-2005 6:02 PM
- Size: 7.548 bytes
- c:\WINDOWS\Prefetch\TMP11.TMP-21E104D7.pf
- Date: 2-4-2005 6:02 PM
- Size: 19.818 bytes
- c:\WINDOWS\Prefetch\TMP12.TMP-2D1DD8DB.pf
- Date: 2-4-2005 6:02 PM
- Size: 18.338 bytes
- c:\WINDOWS\Prefetch\TMP13.TMP-0CADB565.pf
- Date: 2-4-2005 6:03 PM
- Size: 22.068 bytes
- c:\WINDOWS\Prefetch\TMP14.TMP-06B65E46.pf
- Date: 2-4-2005 6:03 PM
- Size: 8.960 bytes
- c:\WINDOWS\Prefetch\WINUPDATE65418721[1].EXE-132B3247.pf
- Date: 2-4-2005 6:02 PM
- Size: 7.574 bytes
- c:\WINDOWS\system32\cz.dll
- Date: 10-9-2001 1:00 PM
- Size: 84.400 bytes
- c:\WINDOWS\system32\drct16.dll
- Date: 10-9-2001 1:00 PM
- Size: 84.400 bytes
- c:\WINDOWS\system32\dsmanager.dll
- Date: 2-4-2005 6:02 PM
- Size: 26.112 bytes
- c:\WINDOWS\system32\fltr.a3d
- Date: 10-9-2001 1:00 PM
- Size: 634 bytes
- c:\WINDOWS\system32\hz.dll
- Date: 10-9-2001 1:00 PM
- Size: 21.456 bytes
- c:\WINDOWS\system32\i.a3d
- Date: 10-9-2001 1:00 PM
- Size: 10.000 bytes
- c:\WINDOWS\system32\klogini.dll
- Date: 2-4-2005 6:04 PM
- Size: 0 bytes
- c:\WINDOWS\system32\mszx23.exe
- Date: 2-4-2005 6:03 PM
- Size: 49.430 bytes
- c:\WINDOWS\system32\p2.ini
- Date: 2-4-2005 6:04 PM
- Size: 320 bytes
- c:\WINDOWS\system32\ps.a3d
- Date: 2-4-2005 6:04 PM
- Size: 99 bytes
- c:\WINDOWS\system32\redir.a3d
- Date: 10-9-2001 1:00 PM
- Size: 4 bytes
- c:\WINDOWS\system32\t.exe
- Date: 2-4-2005 6:02 PM
- Size: 73.592 bytes
- c:\WINDOWS\system32\vdmt16.sys
- Date: 10-9-2001 1:00 PM
- Size: 21.456 bytes
- c:\WINDOWS\system32\vdnt32.sys
- Date: 2-4-2005 6:04 PM
- Size: 0 bytes
- c:\WINDOWS\system32\winlow.sys
- Date: 10-9-2001 1:00 PM
- Size: 4.096 bytes
- c:\WINDOWS\system32\wz.dll
- Date: 10-9-2001 1:00 PM
- Size: 4.096 bytes
- c:\WINDOWS\system32\config\SSL
- Date: 2-4-2005 6:04 PM
- Size: 262.144 bytes
Files deleted: 3
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012420050125\index.dat
- Date: 1-24-2005 11:25 PM
- Size: 32.768 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012520050126\index.dat
- Date: 1-25-2005 9:05 PM
- Size: 32.768 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\MSHist012005012620050127\index.dat
- Date: 1-26-2005 4:45 PM
- Size: 32.768 bytes
Files changed: 12
- c:\Documents and Settings\WMFINN\NTUSER.DAT.LOG
- Old date: 2-4-2005 6:02 PM
- New date: 2-4-2005 6:04 PM
- Old size: 1.024 bytes
- New size: 1.024 bytes
- c:\Documents and Settings\WMFINN\Cookies\index.dat
- Old date: 1-29-2005 5:33 PM
- New date: 2-4-2005 6:04 PM
- Old size: 32.768 bytes
- New size: 32.768 bytes
- c:\Documents and Settings\WMFINN\Lokale
indstillinger\Oversigt\History.IE5\index.dat
- Old date: 1-29-2005 5:33 PM
- New date: 2-4-2005 6:04 PM
- Old size: 49.152 bytes
- New size: 49.152 bytes
- c:\Documents and Settings\WMFINN\Lokale indstillinger\Temporary Internet
Files\Content.IE5\index.dat
- Old date: 1-29-2005 5:33 PM
- New date: 2-4-2005 6:04 PM
- Old size: 245.760 bytes
- New size: 245.760 bytes
- c:\WINDOWS\Prefetch\IEXPLORE.EXE-3460629D.pf
- Old date: 1-26-2005 4:45 PM
- New date: 2-4-2005 6:03 PM
- Old size: 73.348 bytes
- New size: 73.248 bytes
- c:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
- Old date: 1-24-2005 12:49 PM
- New date: 2-4-2005 6:02 PM
- Old size: 45.740 bytes
- New size: 45.592 bytes
- c:\WINDOWS\system32\config\SECURITY
- Old date: 1-24-2005 11:40 PM
- New date: 2-4-2005 6:03 PM
- Old size: 262.144 bytes
- New size: 262.144 bytes
- c:\WINDOWS\system32\config\SECURITY.LOG
- Old date: 1-26-2005 4:44 PM
- New date: 2-4-2005 6:03 PM
- Old size: 1.024 bytes
- New size: 1.024 bytes
- c:\WINDOWS\system32\config\software
- Old date: 1-26-2005 4:51 PM
- New date: 2-4-2005 6:02 PM
- Old size: 8.650.752 bytes
- New size: 8.650.752 bytes
- c:\WINDOWS\system32\config\software.LOG
- Old date: 2-4-2005 6:01 PM
- New date: 2-4-2005 6:04 PM
- Old size: 1.024 bytes
- New size: 1.024 bytes
- c:\WINDOWS\system32\config\system
- Old date: 1-25-2005 8:58 PM
- New date: 2-4-2005 6:03 PM
- Old size: 2.621.440 bytes
- New size: 2.621.440 bytes
- c:\WINDOWS\system32\config\system.LOG
- Old date: 2-4-2005 6:01 PM
- New date: 2-4-2005 6:04 PM
- Old size: 1.024 bytes
- New size: 1.024 bytes
To Contents
INI file
Ini files tracked: 4
- C:\boot.ini
- c:\windows\control.ini
- c:\windows\system.ini
- c:\windows\win.ini
To Contents
Text file
Text files tracked: 2
- c:\windows\system32\autoexec.nt
- c:\windows\system32\config.nt
To Contents
InCtrl5, Copyright © 2000 by Ziff Davis Media,
Inc.
Written by Neil J. Rubenking
First published in
PC Magazine, December 5, 2000.