Home > IT Support and Tech Corner

Registry clean log

davidche
14 Oct 06, 21:57

Root Registry key Modified String value File/path reference
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\Folders 10/12/2006 7:14:06 PM C:\WINNT\winsxs\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM D:\Justin\EMPIRES2.ICD Age of Empires II
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM D:\Justin\EMPIRES2.ICD Age of Empires II
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{323FB3D1-2C67-4D85-9F44-12B17891F37F}\2.0\HELPDIR 7/2/2005 3:36:35 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Excel8.0
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{323FB3D1-2C67-4D85-9F44-12B17891F37F}\2.0\0\win32 7/2/2005 3:36:35 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Excel8.0\MSForms.exd
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\F5511245330BBD94B933F8082F334D5D\SourceList\Net 2/16/2006 10:16:14 AM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GdiplusUpgrade\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5511245330BBD94B933F8082F334D5D\InstallProperties 2/16/2006 10:16:14 AM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GdiplusUpgrade\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{5421155F-B033-49DB-9B33-8F80F233D4D5} 2/16/2006 10:16:14 AM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GdiplusUpgrade\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\8BD05ECF016C24C4EBC591F3646C8F21\SourceList\Net 9/11/2006 11:14:49 AM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\9EC9653600AFC964FAC55E4D9DA3FC19\SourceList\Net 1/10/2006 4:12:43 PM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BD05ECF016C24C4EBC591F3646C8F21\InstallProperties 9/11/2006 11:14:48 AM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC9653600AFC964FAC55E4D9DA3FC19\InstallProperties 1/10/2006 4:12:43 PM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} 1/10/2006 4:12:43 PM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCE50DB8-C610-4C42-BE5C-193F46C6F812} 9/11/2006 11:14:48 AM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\5740B9C0F56FBA54D888A27E1C599E70\SourceList\Net 10/23/2004 8:21:57 AM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Langpacks\CHT\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5740B9C0F56FBA54D888A27E1C599E70\InstallProperties 10/23/2004 8:21:57 AM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Langpacks\CHT\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C9B0475-F65F-45AB-8D88-2AE7C195E907} 10/23/2004 8:21:57 AM InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Langpacks\CHT\
HKEY_LOCAL_MACHINE Software\Hewlett-Packard\Install\{C2B755A8-8D78-4694-BF12-4AC0ADCD4CE2} 10/23/2004 8:30:26 AM Filename C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Langpacks\CHT\langpack.msi
HKEY_CURRENT_USER Software\ODBC\ODBC.INI\access2 3/3/2006 11:33:44 AM DBQ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mvf.mdb
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\ODBC\ODBC.INI\access2 3/3/2006 11:33:44 AM DBQ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mvf.mdb
HKEY_LOCAL_MACHINE Software\Hewlett-Packard\Install\{EC50BF57-3064-11D5-A54A-0090278A1BB8} 10/23/2004 8:30:26 AM Filename C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\netfx.msi
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\8E768F6B290FE5C4D727CA0775BDFE54\SourceList\Net 1/15/2006 2:06:10 AM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pft5.tmp\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\821752B295B088A4FAFDEB215E5F9B0A\SourceList\Net 4/25/2006 10:33:23 AM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pft58.tmp\
HKEY_LOCAL_MACHINE Software\Classes\Software\RealNetworks\Preferences\LastTempFile 3/31/2006 3:00:41 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RN13.htm
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 0 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb0.tmp
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 0 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb0.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb1.tmp
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 1 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb1.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 2 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb2.tmp
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 2 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb2.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 3 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb3.tmp
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 3 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb3.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 4 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb4.tmp
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 4 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb4.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 5 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb5.tmp
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 11/6/2004 1:21:40 PM 5 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setb5.tmp
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{063103BD-4765-4941-A086-63E109CBAB49}\2.0\HELPDIR 2/22/2006 2:52:02 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{ADD18B0E-9E3C-4E00-A002-827427961318}\2.0\HELPDIR 5/2/2005 6:22:33 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{F6144F78-FAD3-4518-9352-48DDBB30DF18}\2.0\HELPDIR 8/16/2006 7:52:26 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{FC0025F3-555F-451A-BF77-70DEB6E3E136}\1.0\HELPDIR 2/26/2006 12:34:38 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{063103BD-4765-4941-A086-63E109CBAB49}\2.0\0\win32 2/22/2006 2:52:02 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0\MSForms.exd
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{ADD18B0E-9E3C-4E00-A002-827427961318}\2.0\0\win32 5/2/2005 6:22:33 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0\MSForms.exd
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{F6144F78-FAD3-4518-9352-48DDBB30DF18}\2.0\0\win32 8/16/2006 7:52:26 AM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0\MSForms.exd
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{FC0025F3-555F-451A-BF77-70DEB6E3E136}\1.0\0\win32 2/26/2006 12:34:38 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Word8.0\ShockwaveFlashObjects.exd
HKEY_LOCAL_MACHINE Software\Zing\Spooler 4/23/2005 4:02:03 PM RootDir C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZingTemp
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\565ABF8F685A3C74F9DD8B9DAE8F2A1A\SourceList\Net 8/14/2006 11:18:56 AM 1 C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt909\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\565ABF8F685A3C74F9DD8B9DAE8F2A1A\InstallProperties 8/14/2006 11:18:56 AM InstallSource C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt909\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{F8FBA565-A586-47C3-9FDD-B8D9EAF8A2A1} 8/14/2006 11:18:56 AM InstallSource C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt909\
HKEY_CURRENT_USER Software\Global View\HotLinkPC\PC930 4/15/2005 1:52:15 PM WorkDirectory C:\HotLinkPC\PC930\
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Global View\HotLinkPC\PC930 4/15/2005 1:52:15 PM WorkDirectory C:\HotLinkPC\PC930\
HKEY_CURRENT_USER Software\Recoveronix\FreeUndelete 10/9/2006 9:21:24 AM ProgramDir C:\PROGRA~1\FREEUN~1
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Recoveronix\FreeUndelete 10/9/2006 9:21:24 AM ProgramDir C:\PROGRA~1\FREEUN~1
HKEY_CURRENT_USER Software\Recoveronix\FreeUndelete 10/9/2006 9:21:24 AM Unwise C:\PROGRA~1\FREEUN~1\GLF9D.exe
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Recoveronix\FreeUndelete 10/9/2006 9:21:24 AM Unwise C:\PROGRA~1\FREEUN~1\GLF9D.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Office\10.0\Common\Migration\Outlook 1/28/2006 2:06:17 AM OldOutlookPath C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{E5D12C41-7B4F-11D3-B5C9-0050045C3C96}\1.0\HELPDIR 1/22/2005 1:49:46 PM C:\PROGRA~1\Yahoo!\MESSEN~1\
HKEY_CURRENT_USER Software\Yahoo\Pager\profiles\Alerts 1/22/2005 1:50:02 PM Friend Offline Alert Sound Name C:\PROGRA~1\Yahoo!\MESSEN~1\media\door.wav
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Yahoo\Pager\profiles\Alerts 1/22/2005 1:50:02 PM Friend Offline Alert Sound Name C:\PROGRA~1\Yahoo!\MESSEN~1\media\door.wav
HKEY_CURRENT_USER Software\Yahoo\Pager\profiles\Alerts 1/22/2005 1:50:02 PM Friend Online Alert Sound Name C:\PROGRA~1\Yahoo!\MESSEN~1\media\knock.wav
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Yahoo\Pager\profiles\Alerts 1/22/2005 1:50:02 PM Friend Online Alert Sound Name C:\PROGRA~1\Yahoo!\MESSEN~1\media\knock.wav
HKEY_CURRENT_USER Software\Yahoo\Pager\Skins 1/22/2005 1:49:59 PM Default_SkinDir C:\PROGRA~1\Yahoo!\MESSEN~1\skins\Default
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Yahoo\Pager\Skins 1/22/2005 1:49:59 PM Default_SkinDir C:\PROGRA~1\Yahoo!\MESSEN~1\skins\Default
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{E5D12C41-7B4F-11D3-B5C9-0050045C3C96}\1.0\0\win32 1/22/2005 1:49:46 PM C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_CURRENT_USER Software\Gabest\VSFilter\DefTextPathes 1/1/2006 7:41:01 AM Path1 c:\subtitles
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Gabest\VSFilter\DefTextPathes 1/1/2006 7:41:01 AM Path1 c:\subtitles
HKEY_CURRENT_USER Software\ACD Systems\ACDSee32 1/15/2006 2:08:17 AM OpenFolder C:\util\acdsee
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\ACD Systems\ACDSee32 1/15/2006 2:08:17 AM OpenFolder C:\util\acdsee
HKEY_CURRENT_USER EUDC\950 1/10/2006 1:45:32 PM SystemDefaultEUDCFont C:\WINNT\FONTS\EUDC.TTE
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\EUDC\950 1/10/2006 1:45:32 PM SystemDefaultEUDCFont C:\WINNT\FONTS\EUDC.TTE
HKEY_LOCAL_MACHINE Software\Microsoft\Java VM 11/18/2005 12:26:17 PM LibsDirectory C:\WINNT\java\lib
HKEY_CURRENT_USER Software\SuperLogix\Super Utilities\Language 10/14/2006 1:53:00 AM LangPath C:\WINNT\languages\
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\SuperLogix\Super Utilities\Language 10/14/2006 1:53:00 AM LangPath C:\WINNT\languages\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders 4/4/2005 2:27:41 PM Folder C:\WINNT\msdownld.tmp|?:\msdownld.tmp
HKEY_LOCAL_MACHINE Software\NVIDIA Corporation\Global 10/13/2006 9:42:20 PM NvCplXMLFileLocation C:\WINNT\NV12643088.TMP\nvapps.xml
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\SeCEdit 1/12/2006 12:09:44 AM TemplateUsed C:\WINNT\SEC10E8.tmp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_bfee3da9 1/10/2006 7:01:47 PM Codebase C:\WINNT\ServicePackFiles\i386/comctl.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_bfee3da9\Codebases\U_KB900725 1/10/2006 7:01:47 PM URL C:\WINNT\ServicePackFiles\i386/comctl.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_eb84b25e 1/12/2006 12:04:16 AM Codebase C:\WINNT\ServicePackFiles\i386/comctl.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_eb84b25e\Codebases\U_Service Pack 2 1/12/2006 12:04:16 AM URL C:\WINNT\ServicePackFiles\i386/comctl.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ef752e68 10/12/2006 7:10:10 PM Codebase C:\WINNT\ServicePackFiles\i386/comctl.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ef752e68\Codebases\U_KB923191 10/12/2006 7:10:10 PM URL C:\WINNT\ServicePackFiles\i386/comctl.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44 1/10/2006 7:01:47 PM Codebase C:\WINNT\ServicePackFiles\i386/controls.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\Codebases\U_KB900725 1/10/2006 7:01:47 PM URL C:\WINNT\ServicePackFiles\i386/controls.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 1/12/2006 12:04:16 AM Codebase C:\WINNT\ServicePackFiles\i386/controls.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\Codebases\U_Service Pack 2 1/12/2006 12:04:16 AM URL C:\WINNT\ServicePackFiles\i386/controls.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03 10/12/2006 7:10:09 PM Codebase C:\WINNT\ServicePackFiles\i386/controls.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\Codebases\U_KB923191 10/12/2006 7:10:09 PM URL C:\WINNT\ServicePackFiles\i386/controls.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281 1/12/2006 12:04:15 AM Codebase C:\WINNT\ServicePackFiles\i386/default.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281\Codebases\U_Service Pack 2 1/12/2006 12:04:15 AM URL C:\WINNT\ServicePackFiles\i386/default.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_0e037a8a 1/12/2006 12:04:15 AM Codebase C:\WINNT\ServicePackFiles\i386/default.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_0e037a8a\Codebases\U_Service Pack 2 1/12/2006 12:04:15 AM URL C:\WINNT\ServicePackFiles\i386/default.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 1/12/2006 12:04:15 AM Codebase C:\WINNT\ServicePackFiles\i386/dxmrtp.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\Codebases\U_Service Pack 2 1/12/2006 12:04:15 AM URL C:\WINNT\ServicePackFiles\i386/dxmrtp.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_cf59288d 1/12/2006 12:04:16 AM Codebase C:\WINNT\ServicePackFiles\i386/dxmrtp.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_cf59288d\Codebases\U_Service Pack 2 1/12/2006 12:04:16 AM URL C:\WINNT\ServicePackFiles\i386/dxmrtp.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 1/12/2006 12:04:14 AM Codebase C:\WINNT\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\Codebases\U_Service Pack 2 1/12/2006 12:04:14 AM URL C:\WINNT\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_5ff735e2 1/12/2006 12:04:14 AM Codebase C:\WINNT\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_5ff735e2\Codebases\U_Service Pack 2 1/12/2006 12:04:14 AM URL C:\WINNT\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9 1/12/2006 12:04:17 AM Codebase C:\WINNT\ServicePackFiles\i386/mswincrt.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\Codebases\U_Service Pack 2 1/12/2006 12:04:17 AM URL C:\WINNT\ServicePackFiles\i386/mswincrt.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_cf5111a1 1/12/2006 12:04:17 AM Codebase C:\WINNT\ServicePackFiles\i386/mswincrt.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_cf5111a1\Codebases\U_Service Pack 2 1/12/2006 12:04:17 AM URL C:\WINNT\ServicePackFiles\i386/mswincrt.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 1/12/2006 12:04:16 AM Codebase C:\WINNT\ServicePackFiles\i386/rtcdll.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\Codebases\U_Service Pack 2 1/12/2006 12:04:16 AM URL C:\WINNT\ServicePackFiles\i386/rtcdll.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_5.2.2.3_x-ww_5f924d7b 1/12/2006 12:04:16 AM Codebase C:\WINNT\ServicePackFiles\i386/rtcdll.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_5.2.2.3_x-ww_5f924d7b\Codebases\U_Service Pack 2 1/12/2006 12:04:16 AM URL C:\WINNT\ServicePackFiles\i386/rtcdll.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_zh-CHT_d9742af9 1/12/2006 12:04:16 AM Codebase C:\WINNT\ServicePackFiles\i386/rtcres.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_zh-CHT_d9742af9\Codebases\U_Service Pack 2 1/12/2006 12:04:16 AM URL C:\WINNT\ServicePackFiles\i386/rtcres.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Setup 10/12/2006 7:15:08 PM ServicePackCachePath c:\winnt\ServicePackFiles\ServicePackCache
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU 12/25/2005 9:48:44 PM CurrentCacheFile C:\WINNT\SoftwareDistribution\EventCache\{981D50B6-ED80-4FE0-A054-3775B9799ADB}.bin
HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 3/3/2004 3:10:53 AM Dll C:\WINNT\System32\asfsipc.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 3/3/2004 3:10:53 AM Dll C:\WINNT\System32\asfsipc.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 3/3/2004 3:10:53 AM Dll C:\WINNT\System32\asfsipc.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 3/3/2004 3:10:53 AM Dll C:\WINNT\System32\asfsipc.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 3/3/2004 3:10:53 AM Dll C:\WINNT\System32\asfsipc.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{D0BA83B0-DB49-11D2-B886-00C04F866F52} 3/3/2004 3:10:53 AM Dll C:\WINNT\System32\asfsipc.dll
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders 10/12/2006 7:30:53 PM Administrative Tools C:\WINNT\system32\config\systemprofile\Â�uÂŠJÂŽnÂ�vÂŒÃ·Â”\Â•\\Â’Ã¶ÂŽÂ®Â�W\ÂŒnÂ“Â�ÂŠÃ‡Â—Â�Â�HÂ‹Ã¯
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders 10/12/2006 7:30:53 PM Administrative Tools C:\WINNT\system32\config\systemprofile\Â�uÂŠJÂŽnÂ�vÂŒÃ·Â”\Â•\\Â’Ã¶ÂŽÂ®Â�W\ÂŒnÂ“Â�ÂŠÃ‡Â—Â�Â�HÂ‹Ã¯
HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\MPlayer2\Groups\Video\DVR-MS 1/12/2006 12:22:09 AM RequiredFile C:\WINNT\system32\enable.dvd
HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD 6/19/2006 11:59:05 AM RequiredFile C:\WINNT\system32\enable.dvd
HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\WMPlayer\Groups\Video\DVR-MS 6/19/2006 11:59:05 AM RequiredFile C:\WINNT\system32\enable.dvd
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{822AF7D2-EC43-4A9D-9DF4-FC71C96477AC}\1.0\0\win32 1/29/2005 10:35:53 PM C:\WINNT\System32\IMULiver.dll
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{06DD38D0-D187-11CF-A80D-00C04FD74AD8}\1.0\0\win32 3/3/2004 3:10:38 AM C:\WINNT\System32\plugin.ocx
HKEY_LOCAL_MACHINE Software\Classes\Software\RealNetworks\RealPlayer\6.0\Preferences\SystemCookiesPath 10/23/2004 10:31:21 AM C:\WINNT\System32\syscookies.txt
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run 10/11/2006 11:49:26 AM virus C:\WINNT\system32\virus1.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows Media Device Manager 11/6/2004 1:20:40 PM Log.Filename C:\WINNT\System32\Wmdm.log
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{01CF74F5-A313-4CEA-AAC7-D4A983B5B125}\0.0\HELPDIR 10/25/2004 9:46:53 AM C:\WINNT\Twain_32\QuickCam\
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{01CF74F5-A313-4CEA-AAC7-D4A983B5B125}\0.0\0\win32 10/25/2004 9:46:53 AM C:\WINNT\Twain_32\QuickCam\lvWIAext.dll
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{D72EC833-A24A-4A71-8BE1-31C224629287}\1.0\HELPDIR 5/8/2005 4:50:27 AM C:\WINNT\wt\webdriver\4.1.1
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{D72EC833-A24A-4A71-8BE1-31C224629287}\1.0\0\win32 5/8/2005 4:50:27 AM C:\WINNT\wt\webdriver\4.1.1\WTHost.exe
HKEY_CURRENT_USER Software\Monkey's Audio\Settings 5/14/2006 7:59:31 AM Add Files MRU List D:\++++++DAVID++++++\eMule\Incoming\
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Monkey's Audio\Settings 5/14/2006 7:59:31 AM Add Files MRU List D:\++++++DAVID++++++\eMule\Incoming\
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU 10/13/2006 1:06:43 AM a D:\++++++DAVID++++++\hijackthis\hijackthis1
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU 10/13/2006 1:06:43 AM a D:\++++++DAVID++++++\hijackthis\hijackthis1
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B 3/2/2006 7:28:12 AM A2B88922A473B7A47B591AFA2F40B69E D:\gdiplus.dll
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B 3/2/2006 7:28:12 AM 535C30B9AEA32fe43B62A0102A020743 D:\gdiplus.dll
HKEY_LOCAL_MACHINE Software\NAMCO\Street Racing Syndicate 12/22/2005 1:42:25 PM InstallDir D:\nfs\ssrs\bin
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command 1/28/2006 2:54:59 AM D:\Office10\FRONTPG.EXE
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command 1/28/2006 2:54:59 AM D:\Office10\FRONTPG.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command 10/12/2006 7:16:22 PM D:\Office10\FRONTPG.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Shared\HTML\Default Editor\shell\Edit\command 1/28/2006 2:47:30 AM D:\Office10\FRONTPG.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Shared\HTML\Old Default Editor\shell\Edit\command 1/28/2006 2:47:30 AM D:\Office10\FRONTPG.EXE
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\10 1/28/2006 2:47:30 AM D:\Office10\msohtmed.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Office\10.0\Word\Text Converters\Import\MSPAB 2/16/2006 2:40:40 PM Path D:\Office10\WWPAB.CNV
HKEY_LOCAL_MACHINE Software\Microsoft\Office\10.0\Word\Text Converters\Import\OUTLOOK 2/16/2006 2:40:40 PM Path D:\Office10\WWPAB.CNV
HKEY_LOCAL_MACHINE Software\Microsoft\Office\10.0\Word\Text Converters\Import\SPLUS 2/16/2006 2:40:40 PM Path D:\Office10\WWPAB.CNV
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{CC2C83A6-9BE4-11D0-98E7-00C04FC2CAF5}\InprocServer32 10/12/2006 7:11:44 PM SystemDB D:\OFFICE11\1033\system.mdw
HKEY_LOCAL_MACHINE Software\Microsoft\Office\11.0\Common\Assistant 3/9/2006 6:48:46 AM AsstPath D:\OFFICE11\Actors
HKEY_LOCAL_MACHINE Software\Microsoft\Office\11.0\Common\Assistant 3/9/2006 6:48:46 AM AsstSourcePath D:\OFFICE11\Actors
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 10/14/2006 1:25:31 PM e E:\++++++DAVID++++++\WarRock\WR_OBT3-6_PATCH.exe
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe 10/14/2006 1:25:31 PM e E:\++++++DAVID++++++\WarRock\WR_OBT3-6_PATCH.exe
HKEY_CURRENT_USER Software\WinRAR\DialogEditHistory\ExtrPath 10/14/2006 1:29:42 PM 1 E:\++++++DAVID++++++\WarRock_OpenBeta
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\WinRAR\DialogEditHistory\ExtrPath 10/14/2006 1:29:42 PM 1 E:\++++++DAVID++++++\WarRock_OpenBeta
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip 10/14/2006 1:29:19 PM a E:\++++++DAVID++++++\WarRock_OpenBeta.zip
HKEY_CURRENT_USER Software\WinRAR\ArcHistory 10/14/2006 1:29:37 PM 3 E:\++++++DAVID++++++\WarRock_OpenBeta.zip
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip 10/14/2006 1:29:19 PM a E:\++++++DAVID++++++\WarRock_OpenBeta.zip
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\WinRAR\ArcHistory 10/14/2006 1:29:37 PM 3 E:\++++++DAVID++++++\WarRock_OpenBeta.zip
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM D:\++++++DAVID++++++\eMule\emule.exe eMule
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM E:\EMULE\emule\eMule.exe eMule
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM E:\++++++DAVID++++++\eMule\emule.exe eMule
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM D:\++++++DAVID++++++\eMule\emule.exe eMule
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM E:\EMULE\emule\eMule.exe eMule
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM E:\++++++DAVID++++++\eMule\emule.exe eMule
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM D:\++++++DAVID++++++\dOCS\elearning\CSS\Counter-Strike_Source_FINAL_READ_NFO-EMPORiO\emp-css\hl2.exe hl2
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM D:\++++++DAVID++++++\dOCS\elearning\CSS\Counter-Strike_Source_FINAL_READ_NFO-EMPORiO\emp-css\hl2.exe hl2
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock_OpenBeta\wrinstaller.exe InstallerUS
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock_OpenBeta\wrinstaller.exe InstallerUS
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM C:\WINNT\TEMP\RarSFX0\lsetup.exe LiveUpdate Installer
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM C:\WINNT\TEMP\RarSFX0\lsetup.exe LiveUpdate Installer
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe NJStar Communicator 2.60 Shareware Setup
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe NJStar Communicator 2.60 Shareware Setup
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\WR_OBT3-6_PATCH.exe Setup.exe
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\WR_OBT3-6_PATCH.exe Setup.exe
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-ILI9A.tmp\is-HRE7H.tmp Setup/Uninstall
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-GCUBU.tmp\is-D4I05.tmp Setup/Uninstall
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-ILI9A.tmp\is-HRE7H.tmp Setup/Uninstall
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-GCUBU.tmp\is-D4I05.tmp Setup/Uninstall
HKEY_USERS .DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM C:\WINNT\system32\ZoneLabs\vsmon.exe TrueVector Service
HKEY_USERS S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 8:00:28 AM C:\WINNT\system32\ZoneLabs\vsmon.exe TrueVector Service
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\Uninstall.exe Uninstall
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\Uninstall.exe Uninstall
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\System\Warrock.exe Warrock
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\System\Warrock.exe Warrock
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\WRLauncher.exe WRLauncher
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\WRLauncher.exe WRLauncher
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\WRUpdater.exe WRUpdater
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM E:\++++++DAVID++++++\WarRock\WRUpdater.exe WRUpdater
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\User Trusted External Applications 7/29/2006 12:44:59 AM C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe Yes
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\User Trusted External Applications 7/29/2006 12:44:59 AM C:\PROGRA~1\QUICKT~1\PictureViewer.exe Yes
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Netscape\Netscape Navigator\User Trusted External Applications 7/29/2006 12:44:59 AM C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe Yes
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Netscape\Netscape Navigator\User Trusted External Applications 7/29/2006 12:44:59 AM C:\PROGRA~1\QUICKT~1\PictureViewer.exe Yes
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp\_install.bat _install
HKEY_USERS S-1-5-21-2000478354-220523388-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache 10/14/2006 1:29:52 PM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp\_install.bat _install
davidche
14 Oct 06, 21:58

Can someone teach me how to make a back up on those registrys so that Mayi doesnt need to strain her eyes to read the log.
ndmmxiaomayi
14 Oct 06, 22:46

I have not gone through the log yet and probably won't till somewhat later.

But to backup, open registry editor (Start > Run, regedit)

Click on File > Export

Type in any name you like for file name.

In the Save As Type, make sure it is Registry Files (*.reg)

Click Save. Your registry is now backup.
ndmmxiaomayi
14 Oct 06, 23:45

Whatever produces this log, please have that program to delete this line:

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run 10/11/2006 11:49:26 AM virus C:\WINNT\system32\virus1.exe

The virus you caught recently...