Loading dump 1.
Parsing dump 1.
Loading dump 2.
Parsing dump 2.
Comparing the two dumps.
Comparsion result:
CRE HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\sysacpildap
CRE HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\sysacpildap\
CRE HKEY_CLASSES_ROOT\AppID\{78364D99-A640-4ddf-B91A-67EFF8373045}
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32\
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32\ThreadingModel
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID\
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\Programmable
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib\
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID
CRE HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID\
CRE HKEY_CLASSES_ROOT\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}
CRE HKEY_CLASSES_ROOT\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}\InprocServer32
CRE HKEY_CLASSES_ROOT\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}\InprocServer32\
CRE HKEY_CLASSES_ROOT\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}\InprocServer32\ThreadingModel
CRE HKEY_CLASSES_ROOT\CLSID\{ABFF9C19-5D63-4824-ADF9-47CE6BA5D82D}
CRE HKEY_CLASSES_ROOT\CLSID\{ABFF9C19-5D63-4824-ADF9-47CE6BA5D82D}\InProcServer32
CRE HKEY_CLASSES_ROOT\CLSID\{ABFF9C19-5D63-4824-ADF9-47CE6BA5D82D}\InProcServer32\
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid32
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid32\
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid\
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\TypeLib
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\TypeLib\
CRE HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\TypeLib\Version
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\0
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\0\win32
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\0\win32\
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\FLAGS
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\FLAGS\
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\HELPDIR
CRE HKEY_CLASSES_ROOT\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\HELPDIR\
CRE HKEY_CLASSES_ROOT\acpi.acpi.1
CRE HKEY_CLASSES_ROOT\acpi.acpi.1\
CRE HKEY_CLASSES_ROOT\acpi.acpi.1\CLSID
CRE HKEY_CLASSES_ROOT\acpi.acpi.1\CLSID\
CRE HKEY_CLASSES_ROOT\acpi.ext
CRE HKEY_CLASSES_ROOT\acpi.ext\
CRE HKEY_CLASSES_ROOT\acpi.ext\CLSID
CRE HKEY_CLASSES_ROOT\acpi.ext\CLSID\
CRE HKEY_CLASSES_ROOT\acpi.ext\CurVer
CRE HKEY_CLASSES_ROOT\acpi.ext\CurVer\
CRE HKEY_CURRENT_USER\Control Panel\Desktop\Pattern
CRE HKEY_CURRENT_USER\Identities\{33866AE5-4D35-49BC-993A-B7D29B1503DB}\Software\Microsoft\Internet Account Manager
CRE HKEY_CURRENT_USER\Identities\{33866AE5-4D35-49BC-993A-B7D29B1503DB}\Software\Microsoft\Internet Account Manager\Accounts
CRE HKEY_CURRENT_USER\Network
CRE HKEY_CURRENT_USER\Network\ColorTable19
CRE HKEY_CURRENT_USER\Network\ColorTable20
CRE HKEY_CURRENT_USER\Software\Install
CRE HKEY_CURRENT_USER\Software\Install\Version
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\DeskHtmlMinorVersion
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\DeskHtmlVersion
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\Settings
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Cache
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Enable
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Factor
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU\Size
CRE HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\b
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\MRUList
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\a
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\b
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\c
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\b
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\0
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\1
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\2
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\MRUListEx
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\11
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\12
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\13
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\havafgnyy.rkr
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\flfgrzfureybpx\qhzc_pbzcner_pbcl.ong
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny\Havafgnyy Rgurerny.yax
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheLimit
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheOptions
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePath
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePrefix
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheRepair
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheLimit
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheOptions
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePath
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePrefix
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheRepair
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoComponents
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PayTime
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SNInstall
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows installer
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\aupd
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\MRUListEx
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\NodeSlot
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\16
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\FolderType
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\shell32.dll,-22563
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\tourstart.exe,-2
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\bckgres.dll,-1212
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\chkrres.dll,-1212
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\hrtzres.dll,-1212
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\rvseres.dll,-1212
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\shvlres.dll,-1212
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\System32\comres.dll,-661
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\System32\mstsc.exe,-4000
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\compatUI.dll,-115
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\hnetwiz.dll,-3085
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\mshearts.exe,-413
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1010
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1200
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\notepad.exe,-469
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\restore\rstrui.exe,-2048
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\spider.exe,-56
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\usmt\migwiz.exe,-202
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@explorer.exe,-7004
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@sendmail.dll,-21
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@sendmail.dll,-4
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12589
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12590
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12691
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21760
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21762
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21768
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21772
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21788
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22016
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22017
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22018
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22019
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22021
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22022
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22023
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22025
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22026
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22027
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22029
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22030
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22031
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22040
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22041
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22045
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22052
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22054
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22055
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22057
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22058
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22059
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22060
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22061
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22062
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22063
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22065
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22066
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22067
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22069
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\@zipfldr.dll,-10148
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Roger\LOKALA~1\Temp\A~NSISu_.exe
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program\hjt\HijackThis.exe
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\System32\taskmgr.exe
CRE HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\windows\system32\mdms.exe
CRE HKEY_CURRENT_USER\Software\mzs
CRE HKEY_CURRENT_USER\Software\mzs\mdms
CRE HKEY_CURRENT_USER\Software\mzs\mdms\mzu
CRE HKEY_CURRENT_USER\Software\mzs\mdms\mzu\cid
CRE HKEY_CURRENT_USER\Software\mzs\mdms\mzu\fa
CRE HKEY_CURRENT_USER\Software\mzs\mdms\mzu\fc
CRE HKEY_CURRENT_USER\Software\mzs\mdms\mzu\fu
CRE HKEY_CURRENT_USER\Software\mzs\mdms\mzu\newhost
CRE HKEY_CURRENT_USER\Software\mzs\mdms\mzu\pt
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\sysacpildap
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\sysacpildap\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{78364D99-A640-4ddf-B91A-67EFF8373045}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32\ThreadingModel
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\ProgID\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\Programmable
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\TypeLib\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\VersionIndependentProgID\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}\InprocServer32
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}\InprocServer32\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}\InprocServer32\ThreadingModel
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABFF9C19-5D63-4824-ADF9-47CE6BA5D82D}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABFF9C19-5D63-4824-ADF9-47CE6BA5D82D}\InProcServer32
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABFF9C19-5D63-4824-ADF9-47CE6BA5D82D}\InProcServer32\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid32
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid32\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\ProxyStubClsid\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\TypeLib
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\TypeLib\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\TypeLib\Version
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\0
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\0\win32
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\0\win32\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\FLAGS
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\FLAGS\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\HELPDIR
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E2121E1-0300-11D4-8D3B-444553540000}\1.0\HELPDIR\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.acpi.1
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.acpi.1\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.acpi.1\CLSID
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.acpi.1\CLSID\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.ext
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.ext\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.ext\CLSID
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.ext\CLSID\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.ext\CurVer
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\acpi.ext\CurVer\
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\WallpaperFileTime
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\WallpaperLocalFileTime
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16\Asynchronous
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16\DllName
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16\Impersonate
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16\MaxWait
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16\Startup
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T\Asynchronous
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T\DllName
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T\Impersonate
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T\MaxWait
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T\Startup
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T\key4
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\hws
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78364D99-A640-4ddf-B91A-67EFF8373045}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PayTime
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysMemory manager
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E2121EE-0300-11D4-8D3B-444553540000}
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\System
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayIcon
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayName
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayVersion
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\Publisher
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\URLInfoAbout
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\UninstallString
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Windows
CRE HKEY_LOCAL_MACHINE\SOFTWARE\Windows\phid
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Impersonate
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\EnforceWriteProtection
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StackSize
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\Class
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\ClassGUID
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\ConfigFlags
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\Control\*NewlyCreated*
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\DeviceDesc
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\Legacy
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\Service
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Class
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\ClassGUID
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\ConfigFlags
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Control\*NewlyCreated*
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\DeviceDesc
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Legacy
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\0000\Service
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDMT16\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Class
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\ClassGUID
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\ConfigFlags
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Control\*NewlyCreated*
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\DeviceDesc
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Legacy
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\0000\Service
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINLOW\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider\EventMessageFile
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider\TypesSupported
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\System32\cssrs.exe
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\tool1.exe
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\DisplayName
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Enum
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Enum\0
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Enum\Count
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Enum\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\ErrorControl
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\ImagePath
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Security\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Start
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Type
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\DisplayName
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum\0
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum\Count
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Enum\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\ErrorControl
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\ImagePath
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Security\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Start
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16\Type
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\DisplayName
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum\0
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum\Count
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Enum\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\ErrorControl
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\ImagePath
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Security\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Start
CRE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow\Type
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Impersonate
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\EnforceWriteProtection
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StackSize
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\Class
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\ClassGUID
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\ConfigFlags
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\Control\*NewlyCreated*
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\DeviceDesc
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\Legacy
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\Service
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Class
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\ClassGUID
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\ConfigFlags
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Control\*NewlyCreated*
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\DeviceDesc
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Legacy
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\0000\Service
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDMT16\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Class
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\ClassGUID
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\ConfigFlags
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Control
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Control\*NewlyCreated*
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Control\ActiveService
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\DeviceDesc
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Legacy
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\0000\Service
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider\EventMessageFile
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider\TypesSupported
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\System32\cssrs.exe
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\tool1.exe
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VFILT
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\DisplayName
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Enum
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Enum\0
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Enum\Count
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Enum\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\ErrorControl
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\ImagePath
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Security\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Start
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Type
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\DisplayName
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum\0
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum\Count
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Enum\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\ErrorControl
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\ImagePath
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Security\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Start
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16\Type
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\DisplayName
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum\0
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum\Count
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Enum\NextInstance
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\ErrorControl
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\ImagePath
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Security\Security
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Start
CRE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow\Type
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Control Panel\Desktop\Pattern
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Identities\{33866AE5-4D35-49BC-993A-B7D29B1503DB}\Software\Microsoft\Internet Account Manager
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Identities\{33866AE5-4D35-49BC-993A-B7D29B1503DB}\Software\Microsoft\Internet Account Manager\Accounts
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Network
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Network\ColorTable19
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Network\ColorTable20
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Install
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Install\Version
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Account Manager
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Account Manager\Accounts
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\DeskHtmlMinorVersion
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\DeskHtmlVersion
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\Settings
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Cache
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Enable
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Factor
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\International\CpMRU\Size
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\b
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\MRUList
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\a
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\b
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log\c
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\b
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\0
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\1
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\2
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\MRUListEx
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\11
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\12
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\13
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\havafgnyy.rkr
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\flfgrzfureybpx\qhzc_pbzcner_pbcl.ong
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny\Havafgnyy Rgurerny.yax
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheLimit
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheOptions
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePath
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CachePrefix
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050620\CacheRepair
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheLimit
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheOptions
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePath
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CachePrefix
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005062220050623\CacheRepair
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoComponents
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\PayTime
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\SNInstall
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\Windows installer
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\aupd
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\MRUListEx
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\NodeSlot
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\16
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\16\Shell\FolderType
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\shell32.dll,-22563
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\tourstart.exe,-2
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\bckgres.dll,-1212
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\chkrres.dll,-1212
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\hrtzres.dll,-1212
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\rvseres.dll,-1212
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\Program\MSNGAM~1\Windows\shvlres.dll,-1212
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\System32\comres.dll,-661
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\System32\mstsc.exe,-4000
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\compatUI.dll,-115
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\hnetwiz.dll,-3085
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\mshearts.exe,-413
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1010
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\netshell.dll,-1200
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\notepad.exe,-469
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\restore\rstrui.exe,-2048
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\spider.exe,-56
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\usmt\migwiz.exe,-202
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@explorer.exe,-7004
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@sendmail.dll,-21
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@sendmail.dll,-4
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12589
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12590
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12691
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21760
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21762
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21768
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21772
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21788
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22016
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22017
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22018
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22019
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22021
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22022
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22023
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22025
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22026
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22027
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22029
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22030
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22031
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22040
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22041
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22045
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22052
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22054
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22055
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22057
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22058
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22059
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22060
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22061
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22062
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22063
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22065
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22066
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22067
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-22069
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@zipfldr.dll,-10148
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Roger\LOKALA~1\Temp\A~NSISu_.exe
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program\hjt\HijackThis.exe
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\System32\taskmgr.exe
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\windows\system32\mdms.exe
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms\mzu
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms\mzu\cid
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms\mzu\fa
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms\mzu\fc
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms\mzu\fu
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms\mzu\newhost
CRE HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\mzs\mdms\mzu\pt
CRE c:\Documents and Settings\Roger\Application Data\Install.dat
CRE c:\Documents and Settings\Roger\Cookies\roger@maiden4u[1].txt
CRE c:\Documents and Settings\Roger\Cookies\roger@spylog[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\01808300
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\01808300\1436.tmp
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\01808300\1688.tmp
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\01808300\1704.tmp
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\01808300\556.tmp
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\018907300
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\3.exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\A~NSISu_.exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temp\dima.exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\ab[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\ab[1].php
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\adv453[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\dl[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\hayley04[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\kl[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\latest[1].exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\ms3[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\redir-error.gandi[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\sploit[1].anr
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\tibs[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\tnPICT0024[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ\tnPICT0099[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\ab[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\bc[1].php
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\hosts[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\ms001025[1].exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\p5290022[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\paydial[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\takeme2[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\tnPICT0076[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\tnPICT0092[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\tool1[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\traffic.xlsites[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\x[1].chm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\bc[1].php
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\bc[2].php
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\cheat[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\duo3-149[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\fb1big[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\latest[1].exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\maiden4u[1]
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\ms2[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\ms4[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\newdial[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\paytime[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\rita18[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\tnPICT0025[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\v0406007[1].exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\X[1].exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\ab[1].php
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\abc[1].exe
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\dluniq[1].htm
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\ms1[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\takeme2[1]
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\tnPICT0013[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\tnPICT0020[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\tnPICT0029[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\tnPICT0151[1].jpg
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\tool2[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\tool3[1].txt
CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050620
CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050620\index.dat
CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005062220050623
CRE c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005062220050623\index.dat
CRE c:\Documents and Settings\Roger\Mina dokument\hijackthis1.log
CRE c:\Documents and Settings\Roger\Mina dokument\hijackthis2.log
CRE c:\Documents and Settings\Roger\Mina dokument\hijackthis3.log
CRE c:\Documents and Settings\Roger\Recent\hijackthis1.log.lnk
CRE c:\Documents and Settings\Roger\Recent\hijackthis2.log.lnk
CRE c:\Documents and Settings\Roger\Recent\hijackthis3.log.lnk
CRE c:\Program Files
CRE c:\Program Files\SpySheriff
CRE c:\Program Files\SpySheriff\IESecurity.dll
CRE c:\Program Files\SpySheriff\ProcMon.dll
CRE c:\Program Files\SpySheriff\SpySheriff.dvm
CRE c:\Program Files\SpySheriff\SpySheriff.exe
CRE c:\Program Files\SpySheriff\SpySheriff_1.dat
CRE c:\Program Files\SpySheriff\SpySheriff_2.dat
CRE c:\Program Files\SpySheriff\Uninstall.exe
CRE c:\Program Files\SpySheriff\found.wav
CRE c:\Program Files\SpySheriff\notfound.wav
CRE c:\Program Files\SpySheriff\removed.wav
CRE c:\Program\Ethereal\network-log-plain.txt
CRE c:\Program\Ethereal\network-log.txt
CRE c:\Program\systemsherlock\before.dat
CRE c:\Program\systemsherlock\network-log-urls.txt
CRE c:\WINDOWS\Prefetch\3.EXE-21ABB0A3.pf
CRE c:\WINDOWS\Prefetch\ABC.EXE-07B9AC72.pf
CRE c:\WINDOWS\Prefetch\A~NSISU_.EXE-1E338B64.pf
CRE c:\WINDOWS\Prefetch\CSSRS.EXE-2D17CF52.pf
CRE c:\WINDOWS\Prefetch\DIMA.EXE-25219D9B.pf
CRE c:\WINDOWS\Prefetch\GREP.EXE-0EA4342B.pf
CRE c:\WINDOWS\Prefetch\HAMMER.EXE-061B8F50.pf
CRE c:\WINDOWS\Prefetch\INIT32M.EXE-01180D52.pf
CRE c:\WINDOWS\Prefetch\KL.EXE-152C5F16.pf
CRE c:\WINDOWS\Prefetch\LATEST.EXE-0B20F8D2.pf
CRE c:\WINDOWS\Prefetch\LOADER.EXE-2F2E7DE7.pf
CRE c:\WINDOWS\Prefetch\LOADNEW.EXE-353BE620.pf
CRE c:\WINDOWS\Prefetch\MDMS.EXE-19631554.pf
CRE c:\WINDOWS\Prefetch\MS1.EXE-13CC3572.pf
CRE c:\WINDOWS\Prefetch\MS2.EXE-3B32A840.pf
CRE c:\WINDOWS\Prefetch\MS3.EXE-3A33B007.pf
CRE c:\WINDOWS\Prefetch\MS4.EXE-14CB2DAB.pf
CRE c:\WINDOWS\Prefetch\MSNETHLP32.EXE-026A2D06.pf
CRE c:\WINDOWS\Prefetch\MSZX23.EXE-2D920F13.pf
CRE c:\WINDOWS\Prefetch\PAYTIME.EXE-326BBEE6.pf
CRE c:\WINDOWS\Prefetch\SPANNER.EXE-3B84FA46.pf
CRE c:\WINDOWS\Prefetch\SYMCSVC.EXE-2255CDDC.pf
CRE c:\WINDOWS\Prefetch\SYS5430.EXE-29ADF4EA.pf
CRE c:\WINDOWS\Prefetch\SYS5432.EXE-03467A55.pf
CRE c:\WINDOWS\Prefetch\SYS5434.EXE-34B5D824.pf
CRE c:\WINDOWS\Prefetch\SYS5544.EXE-3225F8B1.pf
CRE c:\WINDOWS\Prefetch\SYS5546.EXE-1CF2A93F.pf
CRE c:\WINDOWS\Prefetch\SYS5547.EXE-320C3473.pf
CRE c:\WINDOWS\Prefetch\TIBS.EXE-23FB993B.pf
CRE c:\WINDOWS\Prefetch\TOOL1.EXE-0CD23B85.pf
CRE c:\WINDOWS\Prefetch\TOOL2.EXE-2CF952BB.pf
CRE c:\WINDOWS\Prefetch\TOOL3.EXE-22058AF7.pf
CRE c:\WINDOWS\Prefetch\UNINSTALL.EXE-2E9623DD.pf
CRE c:\WINDOWS\Prefetch\~UPDATE.EXE-03BEB2D6.pf
CRE c:\WINDOWS\System32mscore.bin
CRE c:\WINDOWS\desktop.html
CRE c:\WINDOWS\hammer.exe
CRE c:\WINDOWS\hosts
CRE c:\WINDOWS\kl.exe
CRE c:\WINDOWS\loadnew.exe
CRE c:\WINDOWS\ms1.exe
CRE c:\WINDOWS\ms2.exe
CRE c:\WINDOWS\ms3.exe
CRE c:\WINDOWS\ms4.exe
CRE c:\WINDOWS\sys5430.exe
CRE c:\WINDOWS\sys5432.exe
CRE c:\WINDOWS\sys5434.exe
CRE c:\WINDOWS\sys5544.exe
CRE c:\WINDOWS\sys5546.exe
CRE c:\WINDOWS\sys5547.exe
CRE c:\WINDOWS\system32\$$$_.log
CRE c:\WINDOWS\system32\abc.exe
CRE c:\WINDOWS\system32\appwiz.dll
CRE c:\WINDOWS\system32\config\SSL
CRE c:\WINDOWS\system32\cssrs.exe
CRE c:\WINDOWS\system32\init32m.exe
CRE c:\WINDOWS\system32\latest.exe
CRE c:\WINDOWS\system32\mdms.exe
CRE c:\WINDOWS\system32\msnethlp32.dll
CRE c:\WINDOWS\system32\msnethlp32.exe
CRE c:\WINDOWS\system32\newdial.exe
CRE c:\WINDOWS\system32\paydial.exe
CRE c:\WINDOWS\system32\paytime.exe
CRE c:\WINDOWS\system32\ps.a3d
CRE c:\WINDOWS\system32\spanner.exe
CRE c:\WINDOWS\system32\symcsvc.exe
CRE c:\WINDOWS\system32\tibs.exe
CRE c:\WINDOWS\system32\winacpi.dll
CRE c:\WINDOWS\system32\zlbw.dll
CRE c:\WINDOWS\system32\~update.exe
CRE c:\WINDOWS\tool2.exe
CRE c:\WINDOWS\tool3.exe
CRE c:\WINDOWS\uniq
CRE c:\WINDOWS\vr_sys.dll
CRE c:\winld32.dll
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheLimit
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheOptions
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePath
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePrefix
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheRepair
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheLimit
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheOptions
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePath
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePrefix
DEL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheRepair
DEL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start
DEL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheLimit
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheOptions
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePath
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CachePrefix
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061320050614\CacheRepair
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheLimit
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheOptions
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePath
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CachePrefix
DEL HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005061820050619\CacheRepair
DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050614
DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061320050614\index.dat
DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061820050619
DEL c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\MSHist012005061820050619\index.dat
MOD HKEY_CLASSES_ROOT\exefile\shell\open\command\
MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags
MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\ComponentsPositioned
MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperFileTime
MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperLocalFileTime
MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
MOD HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\d
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\e
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\f
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\Implementing
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FaultCount
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FaultTime
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\MRUList
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ba2c906e-d9f1-11d9-a20c-806d6172696f}\Generation
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ba2c906f-d9f1-11d9-a20c-806d6172696f}\Generation
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ba2c9071-d9f1-11d9-a20c-806d6172696f}\Generation
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\_ehargu.ong
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Vagrearg Rkcybere\vrkcyber.rkr
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\uwg\UvwnpxGuvf.rkr
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Flfgrz32\ABGRCNQ.RKR
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:::{2559N1S4-21Q7-11Q4-OQNS-00P04S60O9S0}
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\ActualSizeKB
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\DesktopComponent
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\Name
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\RecurseFlags
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\URL
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).bottom
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).left
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).right
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).top
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\ShowCmd
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\WFlags
MOD HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop\ColInfo
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
MOD HKEY_LOCAL_MACHINE\SOFTWARE\Soeperman Enterprises Ltd.\HijackThis\WinHeight
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent\
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Sources
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseObtainedTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseTerminatesTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T1
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T2
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseObtainedTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseTerminatesTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T1
MOD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T2
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent\
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Sources
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseObtainedTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\LeaseTerminatesTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T1
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\T2
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseObtainedTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\LeaseTerminatesTime
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T1
MOD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC24B697-4C1E-4D3C-89B7-B171BA2A583F}\Parameters\Tcpip\T2
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\General\ComponentsPositioned
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperFileTime
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperLocalFileTime
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Main\Local Page
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Internet Explorer\Main\Start Page
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\d
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\e
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\f
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\Implementing
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FaultCount
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FaultTime
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList\MRUList
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ba2c906e-d9f1-11d9-a20c-806d6172696f}\Generation
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ba2c906f-d9f1-11d9-a20c-806d6172696f}\Generation
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ba2c9071-d9f1-11d9-a20c-806d6172696f}\Generation
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Rgurerny\_ehargu.ong
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\Vagrearg Rkcybere\vrkcyber.rkr
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz\uwg\UvwnpxGuvf.rkr
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Flfgrz32\ABGRCNQ.RKR
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Rgurerny
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:::{2559N1S4-21Q7-11Q4-OQNS-00P04S60O9S0}
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\ActualSizeKB
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\DesktopComponent
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\Name
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\RecurseFlags
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1\{D26A1FFC-6DF3-01C5-0000-000065D83D88}\URL
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).bottom
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).left
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).right
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\WinPos800x600(1).top
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\ShowCmd
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\WFlags
MOD HKEY_USERS\S-1-5-21-1229272821-413027322-839522115-1003\Software\Microsoft\Windows\Shell\Bags\1\Desktop\ColInfo
MOD c:\
MOD c:\Documents and Settings\Roger\Application Data
MOD c:\Documents and Settings\Roger\Application Data\Ethereal\recent
MOD c:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Desktop.htt
MOD c:\Documents and Settings\Roger\Cookies
MOD c:\Documents and Settings\Roger\Cookies\index.dat
MOD c:\Documents and Settings\Roger\Lokala inställningar\Temp
MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\492F49EJ
MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ
MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV
MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB
MOD c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat
MOD c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5
MOD c:\Documents and Settings\Roger\Lokala inställningar\Tidigare\History.IE5\index.dat
MOD c:\Documents and Settings\Roger\Mina dokument
MOD c:\Documents and Settings\Roger\NTUSER.DAT.LOG
MOD c:\Documents and Settings\Roger\Recent
MOD c:\Program\Ethereal
MOD c:\Program\Ethereal\snmp\mibs\.index
MOD c:\Program\hjt
MOD c:\Program\systemsherlock
MOD c:\Program\systemsherlock\dump_compare_copy.bat
MOD c:\WINDOWS
MOD c:\WINDOWS\Prefetch
MOD c:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
MOD c:\WINDOWS\Prefetch\ETHEREAL.EXE-0D6AF674.pf
MOD c:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
MOD c:\WINDOWS\Prefetch\HIJACKTHIS.EXE-06DDFE72.pf
MOD c:\WINDOWS\Prefetch\IEXPLORE.EXE-350E1020.pf
MOD c:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
MOD c:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
MOD c:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
MOD c:\WINDOWS\Prefetch\SED.EXE-07C7F123.pf
MOD c:\WINDOWS\Prefetch\SYSTEMSHERLOCK.EXE-3ABE9B82.pf
MOD c:\WINDOWS\system32
MOD c:\WINDOWS\system32\config
MOD c:\WINDOWS\system32\config\software.LOG
MOD c:\WINDOWS\system32\config\system
MOD c:\WINDOWS\system32\config\system.LOG
MOD c:\WINDOWS\system32\drivers\etc
MOD c:\WINDOWS\system32\drivers\etc\hosts
MOD c:\WINDOWS\system32\wbem\Logs\wbemess.log
Compare finished.