PB de virus ???

chri12 · le 5 mai 2005

Bonjour à tous,

Voila mon problème : depuis quelques temps, avast me signale un virus de plus en plus fréquemment, je n'arrive pas à m'en débarrasser. il s'agit de :

* Win32:Bolger [Adw]

J'ai aussi depuis 10 jours des fenetres Aurora qui s'ouvrent tout le temps!! Au secours!!

J'ai trouvé un ou deux trucs louches dans le log de hijackthis (comme O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe) mais comme je n'y connais rien du tout j'ai peur de supprimer quelque chose qu'il fallait pas...donc je vous demande de l'aide!! voici le log :

Logfile of HijackThis v1.99.1

Scan saved at 10:51:28, on 05/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system32\tdpmx.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

c:\windows\system32\zjbwfgj.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office10\Office10\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

E:\telecharger\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe

O4 - HKLM\..\Run: [tdpmx] c:\windows\system32\tdpmx.exe /nocomm

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [etetce] c:\windows\system32\etetce.exe

O4 - HKLM\..\Run: [sDNAWIMC] c:\windows\system32\sdnawimc.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ipvolim] c:\windows\system32\zjbwfgj.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office10\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{72A5F519-DA06-41C9-AF2D-3E547FA7014C}: NameServer = 80.118.192.100 80.118.196.36

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

J'espère que vous pourrez m'aider!!! merci beaucoup d'avance!!

Chri12

Clément64 · le 5 mai 2005

Bonjour a toi,

Et bienvenue Sur Zebulon.fr!

Si tu crains une infection, commence par faire un peu de ménage dans le système :

lance l'Explorateur Windows et supprime le contenu de
--- C:\Temp
--- C:\Windows\Temp
suppression des fichiers inutiles par :
-----Démarrer / Exécuter / tape CleanMgr et clique sur OK / OK pour accepter l'examen du disque C: / coche toutes les cases et clique sur OK / OK pour confirmer la suppression des fichiers inutiles
----- EasyCleaner-Inutile(s) de Toni Helenius sur http://personal.inet.fi/business/toniarts/ecleane.htm
nettoyage de la base de registres par EasyCleaner-Registre de Toni Helenius sur http://personal.inet.fi/business/toniarts/ecleane.htm
examen antivirus en ligne par HouseCall de Trend Micro sur http://www.secuser.com/antivirus/ ; [red](à faire avec Internet Explorer) note le nom du virus et le chemin+nom du fichier infecté ; sélectionne toutes les lignes affichées et clique sur Clean puis sur Delete pour toutes celles qui restent
examen antitrojan par A² sur http://www.emsisoft.net/fr/software/free/ ; il est nécessaire de s'enregistrer pour utiliser A² ; mets bien à jour ; supprime tout ce qu'il trouve
examen antispyware par
------ Ad-Aware SE 1.05 sur http://www.lavasoft.de/support/download/#free ; mets bien à jour ; supprime tout ce qu'il trouve
----- Spybot Search and Destroy 1.3 sur http://www.safer-networking.org/?page=download ; mets bien à jour ; supprime tout ce qu'il trouve.

Ton p.c respirera un peu mieux après ça!

Lance Ewido ( http://www.ewido.net/fr ), met le à jour, et poste un rapport

Ensuite poste un nouveau rapport hijackthis.

Modifié le 5 mai 2005 par Clément64

ipl_001 · le 5 mai 2005

Bonjour chri12, Clément64, bonjour à tous,

Messages : 1

Je te souhaite la bienvenue sur Zeb'-Sécurité ! Merci de venir sur notre forum !

Fais ce que préconise Clément64 car les examens anti-xxx sont complémentaires d'HJT

Il aurait été bien de nous indiquer le chemin et le nom du fichier infecté par Win32:Bolger [Adw]

>O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

Même si ce n'est pas une ligne très utile, ctfmon.exe n'est pas infectieux !

ctfmon.exe is a part of the Microsoft Office suite. It activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.

(source : http://www.liutilities.com/products/wintas...library/ctfmon/ )

Je démarre une analyse de ton rapport HijackThis (pour gagner du temps)... réponse d'ici 15-20 minutes !

ipl_001 · le 5 mai 2005

Rebonjour chri12, Clément64, rebonjour à tous,

Stoppe le processus suivant dans le Gestionnaire des tâches :

- c:\windows\system32\zjbwfgj.exe

Désinstalle cette application (si tu trouves) dans Ajout-Suppression de programmes :

- Ebates ou Ebates_MoeMoneyMaker

Relance un scan HijackThis et coche les lignes en gras ci-dessous :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe

O4 - HKLM\..\Run: [tdpmx] c:\windows\system32\tdpmx.exe /nocomm

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [etetce] c:\windows\system32\etetce.exe

O4 - HKLM\..\Run: [sDNAWIMC] c:\windows\system32\sdnawimc.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ipvolim] c:\windows\system32\zjbwfgj.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office10\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{72A5F519-DA06-41C9-AF2D-3E547FA7014C}: NameServer = 80.118.192.100 80.118.196.36

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Ferme toutes les fenêtres sauf HijackThis et "Fix Checked".

Redémarre l'ordinateur en mode sans échec.

- suppression des fichiers inutiles par

Démarrer / Exécuter / tape CleanMgr et clique sur OK / OK pour accepter l'examen du disque C: / coche toutes les cases et clique sur OK / OK pour confirmer la suppression des fichiers inutiles

Lancement de l'Explorateur Windows : supprimer le contenu de C:\Temp et C:\Windows (ou WinNT)\Temp

- Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

- C:\WINDOWS\Nail.exe

- C:\WINDOWS\Bolger.dll

- c:\windows\system32\tdpmx.exe

- C:\WINDOWS\farmmext.exe

- c:\windows\system32\etetce.exe

- c:\windows\system32\sdnawimc.exe

- c:\windows\system32\zjbwfgj.exe

- C:\Program Files\Ebates_MoeMoneyMaker (supprime le dossier)

En cas de difficultés, vérifier l'option d'affichage des fichiers, les attributs "Lecture seule", etc.

- suppression des fichiers inutiles par EasyCleaner-Inutile(s) de Toni Helenius sur http://personal.inet.fi/business/toniarts/ecleane.htm

- vidage des zones de quarantaine éventuelles

- nettoyage de la base de registres par EasyCleaner-Registre de Toni Helenius sur http://personal.inet.fi/business/toniarts/ecleane.htm

Redémarre l'ordinateur en mode normal et poste un nouveau rapport HijackThis à titre de vérification.

chri12 · le 5 mai 2005

Bon je n’ai pas trouver

- c:\windows\system32\zjbwfgj.exe

je n’ai pas nettoyé la base registre car je suis pas sur de ce qu’il faut garder et supprimer

le registre

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\Folders 02/04/2005 19:02:19 E:\SOA\

HKEY_LOCAL_MACHINE Software\Classes\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}\InprocServer32 03/05/2005 10:32:25 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CmdLineExt03.dll

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{9869EFA6-18E9-11D3-A837-00104B9E30B5}\1.0\0\win32 26/04/2005 20:10:10 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CmdLineExt03.dll

HKEY_LOCAL_MACHINE Software\GlobeSpanVirata\Adsl 16/01/2005 09:38:22 srcpath C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX3\

HKEY_CURRENT_USER Software\GSCGameWorld\Alexander 15/01/2005 16:12:43 ExeCDPath C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SetupDemo.exe

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\GSCGameWorld\Alexander 15/01/2005 16:12:43 ExeCDPath C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SetupDemo.exe

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{7545E42A-0009-4447-872F-0C4626E6CCAC}\2.0\HELPDIR 16/01/2005 16:42:28 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{9B067924-FF38-4A9F-B693-7E49E715D655}\1.0\HELPDIR 16/01/2005 16:42:28 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{7545E42A-0009-4447-872F-0C4626E6CCAC}\2.0\0\win32 16/01/2005 16:42:28 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE\MSForms.exd

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{9B067924-FF38-4A9F-B693-7E49E715D655}\1.0\0\win32 16/01/2005 16:42:28 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE\RefEdit.exd

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{21A09637-0B19-43BC-868D-F20D2CAEDB56}\2.0\HELPDIR 25/04/2005 11:56:16 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{21A09637-0B19-43BC-868D-F20D2CAEDB56}\2.0\0\win32 25/04/2005 11:56:16 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0\MSForms.exd

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB834707\Filelist\5 17/01/2005 12:00:42 Location c:\windows\$hf_mig$\KB834707\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB834707\Filelist\6 17/01/2005 12:00:42 Location c:\windows\$hf_mig$\KB834707\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB834707\Filelist\7 17/01/2005 12:00:42 Location c:\windows\$hf_mig$\KB834707\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB834707\Filelist\8 17/01/2005 12:00:42 Location c:\windows\$hf_mig$\KB834707\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB834707\Filelist\9 17/01/2005 12:00:42 Location c:\windows\$hf_mig$\KB834707\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\10 10/02/2005 19:08:08 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\11 10/02/2005 19:08:08 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\12 10/02/2005 19:08:09 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\13 10/02/2005 19:08:09 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\14 10/02/2005 19:08:09 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\15 10/02/2005 19:08:09 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\16 10/02/2005 19:08:09 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\17 10/02/2005 19:08:09 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist\9 10/02/2005 19:08:08 Location c:\windows\$hf_mig$\KB867282\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB873333\Filelist\6 10/02/2005 19:08:01 Location c:\windows\$hf_mig$\KB873333\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB873333\Filelist\7 10/02/2005 19:08:02 Location c:\windows\$hf_mig$\KB873333\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB873333\Filelist\8 10/02/2005 19:08:02 Location c:\windows\$hf_mig$\KB873333\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB873333\Filelist\9 10/02/2005 19:08:02 Location c:\windows\$hf_mig$\KB873333\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB873339\Filelist\1 17/01/2005 12:00:47 Location c:\windows\$hf_mig$\KB873339\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB885250\Filelist\2 10/02/2005 19:08:24 Location c:\windows\$hf_mig$\KB885250\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB885835\Filelist\4 17/01/2005 12:00:24 Location c:\windows\$hf_mig$\KB885835\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB885835\Filelist\5 17/01/2005 12:00:24 Location c:\windows\$hf_mig$\KB885835\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB885835\Filelist\6 17/01/2005 12:00:24 Location c:\windows\$hf_mig$\KB885835\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB885836\Filelist\1 17/01/2005 12:00:55 Location c:\windows\$hf_mig$\KB885836\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB886185\Filelist\1 17/01/2005 12:00:35 Location c:\windows\$hf_mig$\KB886185\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB887472\Filelist\1 10/02/2005 19:08:17 Location c:\windows\$hf_mig$\KB887472\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB887742\Filelist\2 24/02/2005 15:12:17 Location c:\windows\$hf_mig$\KB887742\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB888113\Filelist\2 10/02/2005 19:08:21 Location c:\windows\$hf_mig$\KB888113\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB888302\Filelist\1 10/02/2005 19:07:50 Location c:\windows\$hf_mig$\KB888302\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890047\Filelist\1 10/02/2005 19:07:57 Location c:\windows\$hf_mig$\KB890047\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890175\Filelist\1 17/01/2005 12:00:51 Location c:\windows\$hf_mig$\KB890175\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\10 14/04/2005 12:07:51 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\11 14/04/2005 12:07:51 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\12 14/04/2005 12:07:51 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\13 14/04/2005 12:07:51 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\14 14/04/2005 12:07:51 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\15 14/04/2005 12:07:51 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\16 14/04/2005 12:07:52 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890859\Filelist\17 14/04/2005 12:07:52 Location c:\windows\$hf_mig$\KB890859\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\10 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\11 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\12 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\13 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\14 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\15 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\16 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\17 14/04/2005 12:08:05 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\18 14/04/2005 12:08:06 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist\19 14/04/2005 12:08:06 Location c:\windows\$hf_mig$\KB890923\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB891781\Filelist\1 10/02/2005 19:08:13 Location c:\windows\$hf_mig$\KB891781\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB893066\Filelist\1 14/04/2005 12:08:10 Location c:\windows\$hf_mig$\KB893066\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP3\KB893086\Filelist\1 14/04/2005 12:07:58 Location c:\windows\$hf_mig$\KB893086\SP2QFE

HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Windows XP\SP2\KB811113 26/11/2004 16:15:29 UninstallCommand C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack 26/11/2004 16:11:02 UninstallString C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB834707 17/01/2005 12:00:43 UninstallString C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB867282 10/02/2005 19:08:09 UninstallString C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 10/02/2005 19:08:02 UninstallString C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 17/01/2005 12:00:47 UninstallString C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 10/02/2005 19:08:24 UninstallString C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 17/01/2005 12:00:24 UninstallString C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 17/01/2005 12:00:55 UninstallString C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885884 17/01/2005 12:00:31 UninstallString C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 17/01/2005 12:00:35 UninstallString C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 10/02/2005 19:08:17 UninstallString C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 24/02/2005 15:12:17 UninstallString C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 10/02/2005 19:08:21 UninstallString C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 10/02/2005 19:07:51 UninstallString C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890047 10/02/2005 19:07:57 UninstallString C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 17/01/2005 12:00:51 UninstallString C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 10/02/2005 19:08:13 UninstallString C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

HKEY_LOCAL_MACHINE Software\Classes\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}\InprocServer32 04/05/2005 03:10:36 C:\WINDOWS\Bolger.dll

HKEY_LOCAL_MACHINE Software\Classes\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer32 15/04/2005 10:42:47 C:\WINDOWS\ceres.dll

HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}\1.1\0\win32 08/04/2005 19:05:32 C:\WINDOWS\ceres.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders 29/04/2005 10:14:22 Folder C:\WINDOWS\msdownld.tmp|?:\msdownld.tmp

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Help 07/12/2004 19:12:21 mssskd5.hlp c:\windows\mssskd5.hlp

HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\SeCEdit 26/11/2004 16:15:49 TemplateUsed C:\WINDOWS\SEC10F5.tmp

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_eb84b25e 26/11/2004 16:11:01 Codebase C:\WINDOWS\ServicePackFiles\i386/comctl.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_eb84b25e\Codebases\U_Service Pack 2 26/11/2004 16:11:01 URL C:\WINDOWS\ServicePackFiles\i386/comctl.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/controls.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/controls.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/default.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/default.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_0e037a8a 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/default.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_0e037a8a\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/default.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/dxmrtp.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/dxmrtp.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_cf59288d 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/dxmrtp.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_cf59288d\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/dxmrtp.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 26/11/2004 16:10:59 Codebase C:\WINDOWS\ServicePackFiles\i386/gdiplus.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\Codebases\U_Service Pack 2 26/11/2004 16:10:59 URL C:\WINDOWS\ServicePackFiles\i386/gdiplus.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_5ff735e2 26/11/2004 16:10:59 Codebase C:\WINDOWS\ServicePackFiles\i386/gdiplus.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_5ff735e2\Codebases\U_Service Pack 2 26/11/2004 16:10:59 URL C:\WINDOWS\ServicePackFiles\i386/gdiplus.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9 26/11/2004 16:11:01 Codebase C:\WINDOWS\ServicePackFiles\i386/mswincrt.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\Codebases\U_Service Pack 2 26/11/2004 16:11:01 URL C:\WINDOWS\ServicePackFiles\i386/mswincrt.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_cf5111a1 26/11/2004 16:11:01 Codebase C:\WINDOWS\ServicePackFiles\i386/mswincrt.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_cf5111a1\Codebases\U_Service Pack 2 26/11/2004 16:11:01 URL C:\WINDOWS\ServicePackFiles\i386/mswincrt.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/rtcdll.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/rtcdll.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_5.2.2.3_x-ww_5f924d7b 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/rtcdll.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_5.2.2.3_x-ww_5f924d7b\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/rtcdll.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d 26/11/2004 16:11:00 Codebase C:\WINDOWS\ServicePackFiles\i386/rtcres.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\Codebases\U_Service Pack 2 26/11/2004 16:11:00 URL C:\WINDOWS\ServicePackFiles\i386/rtcres.man

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Setup 14/04/2005 12:08:10 ServicePackCachePath c:\windows\ServicePackFiles\ServicePackCache

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU 05/05/2005 18:29:07 CurrentCacheFile C:\WINDOWS\SoftwareDistribution\EventCache\{158EFCED-3714-40B9-9D13-3C2AE23DB186}.bin

HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 31/05/2002 11:56:25 Dll C:\WINDOWS\System32\asfsipc.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 31/05/2002 11:56:25 Dll C:\WINDOWS\System32\asfsipc.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 31/05/2002 11:56:25 Dll C:\WINDOWS\System32\asfsipc.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 31/05/2002 11:56:25 Dll C:\WINDOWS\System32\asfsipc.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 31/05/2002 11:56:25 Dll C:\WINDOWS\System32\asfsipc.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 31/05/2002 11:56:25 Dll C:\WINDOWS\System32\asfsipc.dll

HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main 05/05/2005 16:55:36 Local Page C:\WINDOWS\system32\blank.htm

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Internet Explorer\Main 05/05/2005 16:55:36 Local Page C:\WINDOWS\system32\blank.htm

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe 26/11/2004 16:11:49 C:\WINDOWS\System32\cmmgr32.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD 26/11/2004 16:20:48 RequiredFile C:\WINDOWS\system32\enable.dvd

HKEY_LOCAL_MACHINE Software\Classes\CLSID\{D1C347DF-20AE-11D2-B834-00A0C9054115}\InProcHandler32 21/02/2005 21:33:08 C:\WINDOWS\system32\GCHAND.DLL

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\SDNAWIMC 09/04/2005 22:34:48 DisplayIcon C:\WINDOWS\system32\SDNAWIMC.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\App Paths\C:\Dex_0934\Dexters.exe 12/02/2005 19:14:04 D:\dexter\C:\Dex_0934\Dexters.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion 05/05/2005 18:28:27 SourcePath E:\I386

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C3399C57A5B9D442A9E5D6616CD0AA8 08/12/2004 12:47:47 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\local\SubChaseTorpedo\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC0E450210552A942826DB5C700B9503 08/12/2004 12:47:47 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\local\TitleScreen\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A91590A60FE3EB24CAA2DB22F3B455E4 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\ChestCU\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27EA792799E59F648BAC354701CF0B40 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\Jellyfish\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5606BCC345CCCAC44A368FEEC939B5F5 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\Objectives\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4C7D271244CE0B9489EB13CBA3638CF5 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\ReplayScreen\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\166FA1F146D685E48A79A033FE74F1E5 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\SignIn\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B73880579C5809A42B2CB3BCB8A7F0B1 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\SubChase1\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2A0BEFA0EE87674980375D9A756E625 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\SubChase2\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFAA52851DA6B684FA40B1A010048B81 08/12/2004 12:47:47 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\SubChase3\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF059CAB59D60ED45A73DEC33909D711 08/12/2004 12:47:47 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\SubChaseHall\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E41D8D8717251A47BAEC53F08C64467 08/12/2004 12:47:47 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\SubChaseTorpedo\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A1C4C72E766A2D49996FEC4E71E0562 08/12/2004 12:47:47 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\SubTorpedo\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77276EAB034883B4F9161A5AD3CE3AF5 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\TestNode\

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F840A25F24B43BA49A1E279E4C30E703 08/12/2004 12:47:46 C43462B38AFFC9A49A9C8EEEC9E4984D E:\nemo\resources\universal\Tutorial\

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip 05/05/2005 18:31:33 b E:\telecharger\ALIDADMO.zip

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip 05/05/2005 18:31:33 b E:\telecharger\ALIDADMO.zip

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* 05/05/2005 18:31:33 b E:\telecharger\bpssr.exe

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 a E:\telecharger\bpssr.exe

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* 05/05/2005 18:31:33 b E:\telecharger\bpssr.exe

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 a E:\telecharger\bpssr.exe

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* 05/05/2005 18:31:33 f E:\telecharger\hijackthis.zip

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip 05/05/2005 18:31:33 h E:\telecharger\hijackthis.zip

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* 05/05/2005 18:31:33 f E:\telecharger\hijackthis.zip

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip 05/05/2005 18:31:33 h E:\telecharger\hijackthis.zip

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 d E:\telecharger\mohpa_mpdemo_2.exe

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 d E:\telecharger\mohpa_mpdemo_2.exe

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* 05/05/2005 18:31:33 c E:\telecharger\setupfre.exe

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 j E:\telecharger\setupfre.exe

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* 05/05/2005 18:31:33 c E:\telecharger\setupfre.exe

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 j E:\telecharger\setupfre.exe

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 e E:\telecharger\wwiiol0001182.exe

HKEY_USERS S-1-5-21-972506294-3563514748-4210259494-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 26/04/2005 20:07:09 e E:\telecharger\wwiiol0001182.exe