Monitored program
LH-setup3.17
Monitored on
2009-6-10 23:25:09
Monitored program path
"D:\Desktop\LH-setup3.17.exe"
Pre-install snapshot name
2009-6-10 23:20:34
Post-install snapshot name
2009-6-10 23:24:57
Compare profile name
Default
Detected changes
File system
Folders created : 5
Folders deleted : 0
Files created : 110
Files deleted : 0
Files modified : 1
Size : 20.52 MB
Registry
Keys created : 91
Keys deleted : 0
Values created : 126
Values deleted : 1
Values modified : 30
Size : 9.36 KB
Log file name
C:\Documents and Settings\All Users\Application Data\Martau\Total Uninstall 5\Monitored Programs\LH-setup3.17.tun
File system details [View: Created items] (Selection)
-----------------------------------------------------
(FOLDER) C:\WINDOWS
(+)(FILE) CardLib.dll = 2004-11-23 9:21, 352313 bytes
(+)(FILE) CImage.dll = 2009-3-24 10:21, 126976 bytes
(+)(FILE) cximage.dll = 2006-4-12 19:44, 774144 bytes
(+)(FILE) dbfilter.dll = 2009-5-22 13:47, 57344 bytes
(+)(FILE) dbServ.dll = 2008-6-24 20:03, 53248 bytes
(+)(FILE) Handler.dll = 2008-10-7 12:05, 684032 bytes
(+)(FILE) HASrv.dll = 2008-6-26 11:59, 65536 bytes
(+)(FILE) HncEng.exe = 2008-6-7 20:08, 86016 bytes
(+)(FILE) HncEngPS.dll = 2006-4-7 17:04, 69632 bytes
(+)(FILE) image.dat = 2003-9-22 16:03, 305 bytes
(+)(FILE) image1.dat = 2003-9-7 14:32, 597 bytes
(+)(FILE) InjLib32.dll = 2008-6-19 18:55, 61440 bytes
(+)(FILE) kwimage.dll = 2008-12-17 10:39, 774144 bytes
(+)(FILE) kwselectinfopp.dll = 2008-7-31 11:00, 672 bytes
(+)(FILE) MPSvcC.exe = 2009-3-10 15:40, 69632 bytes
(+)(FILE) MPSvcDll.dll = 2009-2-5 15:33, 32768 bytes
(+)(FILE) MPSvcPS.dll = 2009-2-5 15:33, 49152 bytes
(+)(FILE) SentenceObj.dll = 2006-8-11 15:33, 544768 bytes
(+)(FILE) Surfgd.dll = 2009-4-24 15:59, 126976 bytes
(+)(FILE) vnew.bmp = 2009-5-22 10:46, 4 bytes
(+)(FILE) xstring.s2g = 2009-4-29 17:29, 8730 bytes
(+)(FOLDER) C:\WINDOWS\drivrs
(FOLDER) C:\WINDOWS\Help
(+)(FILE) kw.chm = 2009-3-25 9:25, 2203319 bytes
(FOLDER) C:\WINDOWS\HNCLIB
(+)(FILE) FalunWord.lib = 2009-5-12 16:36, 5564613 bytes
(+)(FOLDER) C:\WINDOWS\images
(FOLDER) C:\WINDOWS\log
(+)(FILE) desktop.ini = 2006-9-6 19:14, 65 bytes
(+)(FOLDER) C:\WINDOWS\scrsnap
(FOLDER) C:\WINDOWS\snap
(+)(FILE) desktop.ini = 2006-9-6 19:14, 65 bytes
(FOLDER) C:\WINDOWS\SysWOW64
(+)(FILE) 1.urf = 2005-12-13 14:15, 46274 bytes
(+)(FILE) 2.urf = 2005-12-13 13:07, 52454 bytes
(+)(FILE) 3.urf = 2005-12-13 13:36, 42663 bytes
(+)(FILE) 4.urf = 2005-12-13 14:03, 34774 bytes
(+)(FILE) 5.urf = 2005-12-13 14:23, 25007 bytes
(+)(FILE) 6.urf = 2005-12-13 12:24, 22803 bytes
(+)(FILE) 7.urf = 2005-12-13 13:59, 31725 bytes
(+)(FILE) adwapp.dat = 2009-4-27 19:26, 223572 bytes
(+)(FILE) adwfil.dat = 2007-12-13 17:00, 71634 bytes
(+)(FILE) appface.dll = 2005-12-9 9:07, 258560 bytes
(+)(FILE) auctfil.dat = 2006-9-8 10:49, 7642 bytes
(+)(FILE) bnrfil.dat = 2006-9-8 10:49, 100 bytes
(+)(FILE) bsnlst.dat = 2006-9-8 10:49, 400 bytes
(+)(FILE) chtfil.dat = 2006-9-8 10:49, 10906 bytes
(+)(FILE) csnews.dat = 2006-9-8 10:49, 1780 bytes
(+)(FILE) cultfil.dat = 2006-9-8 10:49, 1830 bytes
(+)(FILE) entfil.dat = 2006-9-8 10:49, 12422 bytes
(+)(FILE) filtport.dat = 2005-7-11 16:18, 33 bytes
(+)(FILE) FImage.dll = 2008-6-15 21:25, 40960 bytes
(+)(FILE) finfil.dat = 2006-9-8 10:49, 13146 bytes
(+)(FILE) fmfil.dat = 2006-9-8 10:49, 11338 bytes
(+)(FILE) fshrfil.dat = 2006-9-8 10:49, 1486 bytes
(+)(FILE) gblfil.dat = 2006-9-8 10:49, 13070 bytes
(+)(FILE) gdwfil.dat = 2006-9-8 10:49, 1482 bytes
(+)(FILE) gn.exe = 2009-4-14 14:12, 2117632 bytes
(+)(FILE) gnfil.dat = 2006-9-8 10:49, 9770 bytes
(+)(FILE) hatfil.dat = 2006-9-8 10:49, 4370 bytes
(+)(FILE) iawfil.dat = 2006-9-8 10:49, 5166 bytes
(+)(FILE) imgfil.dat = 2006-9-8 10:49, 850 bytes
(+)(FILE) IPGate.dll = 2007-12-15 20:12, 65536 bytes
(+)(FILE) jbfil.dat = 2006-9-8 10:49, 8652 bytes
(+)(FILE) kwdata.exe = 2009-3-24 9:46, 208896 bytes
(+)(FILE) lgwfil.dat = 2006-9-8 10:49, 2756 bytes
(+)(FILE) looklog.exe = 2009-4-14 14:13, 241664 bytes
(+)(FILE) lookpic.exe = 2009-4-14 14:07, 233472 bytes
(+)(FILE) movfil.dat = 2006-9-8 10:49, 7778 bytes
(+)(FILE) mp3fil.dat = 2006-9-8 10:49, 670 bytes
(+)(FILE) nvgamfil.dat = 2006-9-8 10:49, 17388 bytes
(+)(FILE) perfil.dat = 2006-9-8 10:49, 22390 bytes
(+)(FILE) picsfil.dat = 2006-9-8 10:49, 306 bytes
(+)(FILE) pkmon.dat = 2006-9-8 10:49, 9634 bytes
(+)(FILE) popfil.dat = 2006-9-8 10:49, 16746 bytes
(+)(FILE) poppo.dll = 2008-6-25 11:03, 856064 bytes
(+)(FILE) psyfil.dat = 2006-9-8 10:49, 12730 bytes
(+)(FILE) RunAfterSetup.exe = 2009-5-22 14:41, 131072 bytes
(+)(FILE) sporfil.dat = 2006-9-8 10:49, 12266 bytes
(+)(FILE) swfil.dat = 2006-9-8 10:49, 6830 bytes
(+)(FILE) sys.dat = 2007-12-17 11:55, 268 bytes
(+)(FILE) sysEx.dat = 2006-5-31 11:29, 32 bytes
(+)(FILE) tafil.dat = 2006-9-8 10:49, 14712 bytes
(+)(FILE) tapfil.dat = 2006-9-8 10:49, 1462 bytes
(+)(FILE) TrustUrl.dat = 2009-4-27 18:21, 28636 bytes
(+)(FILE) Update.exe = 2009-4-29 17:22, 204800 bytes
(+)(FILE) vgamfil.dat = 2006-9-8 10:49, 5782 bytes
(+)(FILE) viofil.dat = 2006-9-8 10:49, 4084 bytes
(+)(FILE) wfile.dat = 2008-8-6 13:29, 260 bytes
(+)(FILE) wfileu.dat = 2006-1-14 0:54, 4504 bytes
(+)(FILE) win2kspi.reg = 2006-8-30 0:27, 147808 bytes
(+)(FILE) Win98Spi.reg = 2006-8-30 11:35, 19432 bytes
(+)(FILE) winvista.reg = 2007-12-17 9:33, 98300 bytes
(+)(FILE) winxpSpi.reg = 2008-8-1 14:39, 100862 bytes
(+)(FILE) wrestfil.dat = 2006-9-8 10:49, 6050 bytes
(+)(FILE) wzfil.dat = 2006-9-8 10:49, 2246 bytes
(+)(FILE) x100.dat = 2006-3-6 17:50, 302 bytes
(+)(FILE) x100.jpg = 2008-5-24 21:24, 113749 bytes
(+)(FILE) x200.dat = 2006-3-7 9:42, 154 bytes
(+)(FILE) x200.jpg = 2008-6-1 11:20, 146179 bytes
(+)(FILE) x300.dat = 2006-3-7 9:42, 77 bytes
(+)(FILE) x300.jpg = 2007-4-26 14:06, 62885 bytes
(+)(FILE) x400.dat = 2006-3-7 9:42, 124 bytes
(+)(FILE) x400.jpg = 2008-5-24 21:37, 78355 bytes
(+)(FILE) x500.jpg = 2008-5-24 21:11, 105880 bytes
(+)(FILE) x600.jpg = 2008-5-26 10:22, 124604 bytes
(+)(FILE) xabout.dat = 2006-1-19 11:14, 428 bytes
(+)(FILE) xconfigs.dat = 2007-12-17 11:55, 268 bytes
(+)(FILE) xcore.dll = 2006-10-30 10:36, 876602 bytes
(+)(FILE) Xcv.dll = 2006-10-30 10:36, 602166 bytes
(+)(FILE) XDaemon.exe = 2009-5-31 13:24, 221184 bytes
(+)(FILE) XFimage.xml = 2006-10-30 9:02, 858866 bytes
(+)(FILE) XNet2.exe = 2009-5-22 18:01, 667648 bytes
(+)(FILE) xnet2_lang.ini = 2008-9-22 15:36, 6810 bytes
(+)(FILE) Xtool.dll = 2006-10-30 10:36, 385083 bytes
(+)(FILE) xwordh.dat = 2006-1-14 0:54, 1644 bytes
(+)(FILE) xwordl.dat = 2006-1-14 0:54, 1146 bytes
(+)(FILE) xwordm.dat = 2007-12-15 23:40, 1108 bytes
(+)(FOLDER) C:\WINDOWS\SysWOW64\images
(+)(FOLDER) C:\WINDOWS\SysWOW64\sysdir
Registry details [View: Created items] (Selection)
--------------------------------------------------
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}
(+)(REG VAL) (Default) = "MsPowerSvc"
(+)(REG VAL) LocalService = "MsPowerSvc"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}
(+)(REG VAL) (Default) = "280D4C48-4FA2-4274-ACEC-1582EFA5DA7D"
(+)(REG VAL) LocalService = "280D4C48-4FA2-4274-ACEC-1582EFA5DA7D"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}
(+)(REG VAL) (Default) = "MsPowerSvc"
(+)(REG VAL) AppID = "{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}
(+)(REG VAL) (Default) = "HNC Engine Service"
(+)(REG VAL) AppID = "{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}
(+)(REG VAL) (Default) = "IEngineKeyData"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}\NumMethods
(+)(REG VAL) (Default) = "4"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}
(+)(REG VAL) (Default) = "IMsPowerSvc"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\NumMethods
(+)(REG VAL) (Default) = "22"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}
(+)(REG VAL) (Default) = "IHncEng"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}\NumMethods
(+)(REG VAL) (Default) = "9"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}
(+)(REG VAL) (Default) = "IHncEng2"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}\NumMethods
(+)(REG VAL) (Default) = "10"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}
(+)(REG VAL) (Default) = "IHncEng3"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}\NumMethods
(+)(REG VAL) (Default) = "11"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}
(+)(REG VAL) (Default) = "IHncEng4"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}\NumMethods
(+)(REG VAL) (Default) = "12"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}
(+)(REG VAL) (Default) = "IEnumEngineKeyData"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}\NumMethods
(+)(REG VAL) (Default) = "7"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}
(+)(REG VAL) (Default) = "MsPowerSvc"
(+)(REG VAL) LocalService = "MsPowerSvc"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}
(+)(REG VAL) (Default) = "280D4C48-4FA2-4274-ACEC-1582EFA5DA7D"
(+)(REG VAL) LocalService = "280D4C48-4FA2-4274-ACEC-1582EFA5DA7D"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19292342-2D7D-4FF9-B65E-14B4796DF217}
(+)(REG VAL) (Default) = "PSFactoryBuffer"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19292342-2D7D-4FF9-B65E-14B4796DF217}\InProcServer32
(+)(REG VAL) (Default) = "C:\WINDOWS\hncengps.dll"
(+)(REG VAL) ThreadingModel = "Both"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}
(+)(REG VAL) (Default) = "PSFactoryBuffer"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\InProcServer32
(+)(REG VAL) (Default) = "C:\WINDOWS\MPSvcPS.dll"
(+)(REG VAL) ThreadingModel = "Both"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}
(+)(REG VAL) (Default) = "MsPowerSvc"
(+)(REG VAL) AppID = "{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}
(+)(REG VAL) (Default) = "HNC Engine Service"
(+)(REG VAL) AppID = "{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}
(+)(REG VAL) (Default) = "IEngineKeyData"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}\NumMethods
(+)(REG VAL) (Default) = "4"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}
(+)(REG VAL) (Default) = "IMsPowerSvc"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\NumMethods
(+)(REG VAL) (Default) = "22"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}
(+)(REG VAL) (Default) = "IHncEng"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}\NumMethods
(+)(REG VAL) (Default) = "9"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}
(+)(REG VAL) (Default) = "IHncEng2"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}\NumMethods
(+)(REG VAL) (Default) = "10"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}
(+)(REG VAL) (Default) = "IHncEng3"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}\NumMethods
(+)(REG VAL) (Default) = "11"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}
(+)(REG VAL) (Default) = "IHncEng4"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}\NumMethods
(+)(REG VAL) (Default) = "12"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}
(+)(REG VAL) (Default) = "IEnumEngineKeyData"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}\NumMethods
(+)(REG VAL) (Default) = "7"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}
(+)(REG VAL) (Default) = "MsPowerSvc"
(+)(REG VAL) LocalService = "MsPowerSvc"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}
(+)(REG VAL) (Default) = "280D4C48-4FA2-4274-ACEC-1582EFA5DA7D"
(+)(REG VAL) LocalService = "280D4C48-4FA2-4274-ACEC-1582EFA5DA7D"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{19292342-2D7D-4FF9-B65E-14B4796DF217}
(+)(REG VAL) (Default) = "PSFactoryBuffer"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{19292342-2D7D-4FF9-B65E-14B4796DF217}\InProcServer32
(+)(REG VAL) (Default) = "C:\WINDOWS\hncengps.dll"
(+)(REG VAL) ThreadingModel = "Both"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}
(+)(REG VAL) (Default) = "PSFactoryBuffer"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\InProcServer32
(+)(REG VAL) (Default) = "C:\WINDOWS\MPSvcPS.dll"
(+)(REG VAL) ThreadingModel = "Both"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}
(+)(REG VAL) (Default) = "MsPowerSvc"
(+)(REG VAL) AppID = "{56835A03-3BAA-49F0-BA6E-8EEFD6D62991}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}
(+)(REG VAL) (Default) = "HNC Engine Service"
(+)(REG VAL) AppID = "{FC7E85B1-FB3F-4D78-AA2F-EC5EEFBFAB75}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}
(+)(REG VAL) (Default) = "IEngineKeyData"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}\NumMethods
(+)(REG VAL) (Default) = "4"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{19292342-2D7D-4FF9-B65E-14B4796DF217}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}
(+)(REG VAL) (Default) = "IMsPowerSvc"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\NumMethods
(+)(REG VAL) (Default) = "22"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{56835A03-3BAA-49F0-BA6E-8EEFD6D62960}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}
(+)(REG VAL) (Default) = "IHncEng"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}\NumMethods
(+)(REG VAL) (Default) = "9"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6B}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}
(+)(REG VAL) (Default) = "IHncEng2"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}\NumMethods
(+)(REG VAL) (Default) = "10"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6C}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}
(+)(REG VAL) (Default) = "IHncEng3"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}\NumMethods
(+)(REG VAL) (Default) = "11"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6D}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}
(+)(REG VAL) (Default) = "IHncEng4"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}\NumMethods
(+)(REG VAL) (Default) = "12"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DD3FAED2-92E8-4486-8955-BFAFB3742B6E}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}
(+)(REG VAL) (Default) = "IEnumEngineKeyData"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}\NumMethods
(+)(REG VAL) (Default) = "7"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EF5AF0D3-40D1-4741-A399-873EB6FF0BA7}\ProxyStubClsid32
(+)(REG VAL) (Default) = "{19292342-2D7D-4FF9-B65E-14B4796DF217}"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KingWay
(+)(REG VAL) K1U = ""
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
(+)(REG VAL) Xnet2 = "xnet2.exe"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\xnet2
(+)(REG VAL) PASSWORD = ""
(+)(REG VAL) usecard = 0
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\280D4C48-4FA2-4274-ACEC-1582EFA5DA7D
(+)(REG VAL) DisplayName = "HNC Engine Service"
(+)(REG VAL) ErrorControl = 1
(+)(REG VAL) ImagePath = "C:\WINDOWS\hnceng.exe"
(+)(REG VAL) ObjectName = "LocalSystem"
(+)(REG VAL) Start = 3
(+)(REG VAL) Type = 272
(+)(REG VAL) WOW64 = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\280D4C48-4FA2-4274-ACEC-1582EFA5DA7D\Security
(+)(REG VAL) Security = ................0........................................................................... ... ............................................................................... ...#...........................
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsPowerSvc
(+)(REG VAL) DisplayName = "MsPowerSvc"
(+)(REG VAL) ErrorControl = 1
(+)(REG VAL) ImagePath = "C:\WINDOWS\MPSvcC.exe"
(+)(REG VAL) ObjectName = "LocalSystem"
(+)(REG VAL) Start = 3
(+)(REG VAL) Type = 272
(+)(REG VAL) WOW64 = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsPowerSvc\Security
(+)(REG VAL) Security = ................0........................................................................... ... ............................................................................... ...#...........................
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\DBFILTER
(+)(REG VAL) 1001 = "%SystemRoot%\system32\mswsock.dll"
(+)(REG VAL) 1002 = "%SystemRoot%\system32\mswsock.dll"
(+)(REG VAL) 1003 = "%SystemRoot%\system32\mswsock.dll"
(+)(REG VAL) 1004 = "%SystemRoot%\system32\mswsock.dll"
(+)(REG VAL) 1005 = "%SystemRoot%\system32\mswsock.dll"
(+)(REG VAL) DBFilterHook = "C:\WINDOWS\SurfGd.dll"
(+)(REG VAL) DBFilterPathName = "C:\WINDOWS\DBFilter.dll"
人生的目的只有两件事:第一,得到你想要的;第二,得到之后就去享受它。
但是只有最聪明的人才能做到第二点。
我的话很重要,你们一定要反复理解,直到弄不明白为止!
| -ICP -IDC -ISP |