WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Logfile created on: 2006-10-13 15:52:05 WinPFind v1.5.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Viral\WinPFind\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... UPX! 1999-12-21 8:58:02 21312 C:\WINDOWS\choice.exe () Checking %System% folder... aspack 2005-3-18 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation) aspack 2005-5-26 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation) aspack 2005-7-22 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation) aspack 2005-12-5 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation) PEC2 2004-8-9 22:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc () PEC2 2006-6-15 14:55:04 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.) PECompact2 2006-6-15 14:55:04 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.) PTech 2006-6-19 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation) PECompact2 2006-10-4 13:03:46 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation) aspack 2006-10-4 13:03:46 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation) WSUD 2004-8-9 22:00:00 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation) aspack 2004-8-10 12:00:00 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation) WSUD 2004-8-9 22:00:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) Umonitor 2004-8-9 22:00:00 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation) winsync 2004-8-9 22:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu () PTech 2006-6-19 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation) WSUD 2006-5-9 22:26:34 7706112 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation) Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 2006-10-13 15:48:36 S 2048 C:\WINDOWS\bootstat.dat () 2006-8-25 20:14:14 H 0 C:\WINDOWS\inf\oem75.inf () 2006-8-21 6:00:10 S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat () 2006-8-16 5:30:44 S 14901 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922819.cat () 2006-8-25 10:06:28 S 13285 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923191.cat () 2006-9-12 22:23:54 S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat () 2006-9-3 23:38:52 S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat () 2006-9-18 7:40:26 S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat () 2006-10-13 15:48:26 H 8192 C:\WINDOWS\system32\config\default.LOG () 2006-9-30 2:36:32 H 0 C:\WINDOWS\system32\config\default_TU_59413.LOG () 2006-10-13 15:48:54 H 1024 C:\WINDOWS\system32\config\SAM.LOG () 2006-9-30 2:36:32 H 0 C:\WINDOWS\system32\config\SAM_TU_14790.LOG () 2006-10-13 15:48:38 H 8192 C:\WINDOWS\system32\config\SECURITY.LOG () 2006-9-30 2:36:30 H 0 C:\WINDOWS\system32\config\SECURITY_TU_89029.LOG () 2006-10-13 15:50:32 H 61440 C:\WINDOWS\system32\config\software.LOG () 2006-9-30 2:36:30 H 0 C:\WINDOWS\system32\config\software_TU_44863.LOG () 2006-10-13 15:47:30 H 1024 C:\WINDOWS\system32\config\system.LOG () 2006-9-30 2:36:32 H 0 C:\WINDOWS\system32\config\system_TU_63693.LOG () 2006-10-10 18:58:52 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG () 2006-9-11 17:09:46 S 18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 () 2006-8-31 10:52:10 S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 () 2006-8-31 10:52:22 S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 () 2006-8-31 10:51:58 S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 () 2006-9-11 17:09:58 S 21083 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 () 2006-9-18 22:01:12 S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD () 2006-9-11 17:09:46 S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 () 2006-8-31 10:52:10 S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 () 2006-8-31 10:52:22 S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 () 2006-8-31 10:51:58 S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 () 2006-9-11 17:10:00 S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 () 2006-9-18 22:01:12 S 146 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD () 2006-10-11 4:07:18 H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG () 2006-9-25 19:15:18 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\e78b1596-ce01-4788-b3a2-6914ea5fd379 () 2006-9-25 19:15:18 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred () 2006-9-6 23:50:36 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8b5dd6ab-db18-484d-986a-bee73d5e838d () 2006-9-6 23:50:36 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred () 2006-10-13 15:47:14 H 6 C:\WINDOWS\Tasks\SA.DAT () Checking for CPL files... 2004-8-9 22:00:00 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation) 2005-6-21 8:12:58 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.) 2004-8-9 22:00:00 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation) 2004-8-9 22:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation) 2004-8-9 22:00:00 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation) 2004-8-9 22:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation) 2004-8-9 22:00:00 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation) 2004-8-9 22:00:00 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation) 2004-8-9 22:00:00 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation) 2004-8-9 22:00:00 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation) 2004-7-27 16:50:48 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation) 2004-8-9 22:00:00 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation) 2006-7-26 3:03:14 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.) 2004-8-9 22:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation) 2004-8-9 22:00:00 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation) 2004-8-9 22:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation) 2004-8-9 22:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation) 2004-8-9 22:00:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) 2004-8-9 22:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation) 2004-8-9 22:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation) 2006-3-20 12:43:16 372736 C:\WINDOWS\SYSTEM32\PhysX.cpl () 2004-8-9 22:00:00 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation) 2005-5-26 7:14:48 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL (Realtek Semiconductor Corp.) 2004-8-9 22:00:00 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation) 2004-8-9 22:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation) 2004-8-9 22:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation) 1999-12-4 5:11:30 151552 C:\WINDOWS\SYSTEM32\UILib.cpl (Sony Corporation) 2004-8-9 22:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation) 2005-5-26 5:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation) 2004-8-9 22:00:00 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation) 2004-8-9 22:00:00 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation) 2004-8-9 22:00:00 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl (Microsoft Corporation) 2004-8-9 22:00:00 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation) 2004-8-9 22:00:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation) 2004-8-9 22:00:00 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation) 2004-8-9 22:00:00 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation) 2004-8-9 22:00:00 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation) 2004-8-9 22:00:00 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation) 2004-8-9 22:00:00 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation) 2004-8-9 22:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation) 2004-8-9 22:00:00 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation) 2004-8-9 22:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation) 2004-8-9 22:00:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation) 2004-8-9 22:00:00 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation) 2004-8-9 22:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation) 2004-8-9 22:00:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation) 2004-8-9 22:00:00 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation) 2004-8-9 22:00:00 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation) 2004-8-9 22:00:00 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation) 2004-8-9 22:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation) 2004-8-9 22:00:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation) 2004-8-9 22:00:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation) 2005-5-26 5:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation) Checking for Downloaded Program Files... {01010E00-5E80-11D8-9E86-0007E96C65AE} - SupportSoft SmartIssue - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab {01012101-5E80-11D8-9E86-0007E96C65AE} - SupportSoft Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase = https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab {2917297F-F02B-4B9D-81DF-494B6333150B} - Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156487740671 {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab {9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols3/fscax.cab {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 2006-9-3 0:08:42 1768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk () 2005-1-28 3:41:38 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () 2005-10-18 8:45:22 1819 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk () 2006-5-7 22:21:14 1741 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk () Checking files in %ALLUSERSPROFILE%\Application Data folder... 2005-1-27 19:30:22 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini () 2005-10-18 8:51:00 972 C:\Documents and Settings\All Users\Application Data\hpzinstall.log () 2006-4-6 8:22:34 1385 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache () Checking files in %USERPROFILE%\Startup folder... 2005-1-28 3:41:38 HS 84 C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini () Checking files in %USERPROFILE%\Application Data folder... 2005-1-27 19:30:22 HS 62 C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini () 2006-6-10 3:07:38 6266 C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log () 2006-6-9 16:55:04 200 C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt () 2006-6-10 3:41:36 0 C:\Documents and Settings\HP_Administrator\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log () 2006-3-11 22:33:54 2232 C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log () 2006-6-10 3:41:56 34566 C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log () 2006-6-10 3:41:24 2577 C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log () 2006-6-10 3:27:30 3009 C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log () 2006-6-10 3:27:18 3846 C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_IZClosingDiscError.log () 2006-6-10 3:06:28 131347 C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log () »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» >>> Internet Explorer Settings <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser \\Search Bar - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser \\Search Page - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser \\Default_Page_URL - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser \\Default_Search_URL - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser \\Local Page - %SystemRoot%\system32\blank.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - http://securityresponse.symantec.com/avcenter/fix_homepage \\Search Bar - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch \\Default_Page_URL - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser \\Default_Search_URL - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser \\Local Page - C:\WINDOWS\system32\blank.htm [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search] \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation) >>> BHO's <<< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) \{089FD14D-132B-48FC-8861-0048AE113215} - = C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc.) \{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) \{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation) >>> Internet Explorer Bars, Toolbars and Extensions <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] \\{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor = C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc.) \\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = () \ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation) \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping] \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = \\NEXTID - 8197 \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 = \\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - 8194 = \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = \\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - 8196 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] >>> Approved Shell Extensions (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll () \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = () \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = () \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = () \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = () \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = () \\{DBFB267C-334F-4F19-A304-63B7130C20C7} - MediaCenter Property Page = arpower.dll (Microsoft) \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) \\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\system32\ShellvRTF.dll (XSS) \\{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6 Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH) \\{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6 DragDrop Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH) \\{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6 Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH) \\{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6 Property Sheet Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH) \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll () \\ - = () \\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = () \\{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - TuneUp Shredder Shell Context Menu Extension = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH) \\{5E2121EE-0300-11D4-8D3B-444553540000} - Catalyst Context Menu extension = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll () \\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] >>> Context Menu Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers] \Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation) \TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH) \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH) [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers] \SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers] \TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH) \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers] \ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll () [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers] \SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.) \Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation) \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () >>> Column Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) >>> Registry Run Keys <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) AlwaysReady Power Message APP - C:\WINDOWS\ARPWRMSG.EXE (Microsoft) RTHDCPL - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) HPHUPD08 - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard) HPBootOp - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) LSBWatcher - c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company) HP Software Update - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.) EPSON Stylus CX4600 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE (SEIKO EPSON CORPORATION) SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe (Sun Microsystems, Inc.) DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) AGEIA PhysX SysTray - C:\Program Files\AGEIA Technologies\TrayIcon.exe () MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe () PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.) ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) inetinfo - C:\WINDOWS\system32\inetinfo.exe (Microsoft Corporation) ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.) NAV CfgWiz - C:\Program Files\Common Files\Symantec Shared\SymProbe.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation) EPSON Stylus CX4600 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE (SEIKO EPSON CORPORATION) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] >>> Startup Links <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup] C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini () >>> MSConfig Disabled Items <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state [All Users Startup Folder Disabled Items] [Current User Startup Folder Disabled Items] >>> User Agent Post Platform <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] \\SV1 - >>> AppInit Dll's <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs] >>> Image File Execution Options <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] \Your Image File Name Here without a path - Debugger = ntsd -d >>> Shell Service Object Delay Load <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation) \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) \\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) >>> Shell Execute Hooks <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation) >>> Shared Task Scheduler <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) >>> Winlogon <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] \\UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe, \\Shell = Explorer.exe \\System = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] \AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.) \crypt32chain - crypt32.dll = (Microsoft Corporation) \cryptnet - cryptnet.dll = (Microsoft Corporation) \cscdll - cscdll.dll = (Microsoft Corporation) \ScCertProp - wlnotify.dll = (Microsoft Corporation) \Schedule - wlnotify.dll = (Microsoft Corporation) \sclgntfy - sclgntfy.dll = (Microsoft Corporation) \SensLogn - WlNotify.dll = (Microsoft Corporation) \termsrv - wlnotify.dll = (Microsoft Corporation) \WgaLogon - WgaLogon.dll = (Microsoft Corporation) \wlballoon - wlnotify.dll = (Microsoft Corporation) \WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.) >>> DNS Name Servers <<< {30B41D9D-62B8-450A-8425-17C9A8956422} - (1394 Net Adapter) {32382C74-6CCE-4FD9-91F6-87188DFA2095} - () {C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37} - (Realtek RTL8139 Family PCI Fast Ethernet NIC) {E454848F-8496-479A-A49E-EF2E6AC32203} - (Intel(R) PRO/100 VE Network Connection) >>> All Winsock2 Catalogs <<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries] \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation) \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) \000000000004\\LibraryPath - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries] \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) >>> Protocol Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] \ipp - () \msdaipp - () \siteadvisor - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc.) >>> Protocol Filters (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter] >>> Selected AddOn's <<< >>>>Output for AddOn file BotCheck_NoSubs.def<<<< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] Ole\\DefaultLaunchPermission - 01 00 04 80 5C 00 00 00 6C 00 00 00 00 00 00 00 14 00 00 00 02 00 48 00 03 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 Ole\\EnableDCOM - Y \AppCompat \NONREDIST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] Security Center\\FirstRunDisabled - 1 Security Center\\AntiVirusDisableNotify - 1 Security Center\\FirewallDisableNotify - 1 Security Center\\UpdatesDisableNotify - 0 Security Center\\AntiVirusOverride - 0 Security Center\\FirewallOverride - 0 \Monitoring HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - No SUBKEYS HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - not found. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - No SUBKEYS HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - not found. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - No SUBKEYS HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] Control\\CurrentUser - USERNAME Control\\WaitToKillServiceTimeout - 20000 Control\\SystemStartOptions - NOEXECUTE=OPTIN FASTDETECT SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(2) \AGP \Arbiters \BackupRestore \Biosinfo \Biosinfo \Class \Class \COM Name Arbite \ComputerName \ContentIndex \ContentIndex \CrashControl \CrashControl \DeviceClasses \EFR \FileSystem \GraphicsDrivers \GroupOrderList \HAL \IDConfigDB \Keyboard Layout \Keyboard Layout \Lsa \MediaCategories \MediaInterfaces \MediaProperties \MediaResources \MediaSets \MediumCache \MSPaper \Network \NetworkProvider \Nls \NodeInterfaces \NTMS \PnP \Print \PriorityControl \ProductOptions \SafeBoot \ScsiPort \ScsiPort \ScsiPort \ScsiPort \ScsiPort \ServiceProvider \Session Manager \Setup \StillImage \SystemResources \Terminal Server \Terminal Server \Update \UsbFlags \Video \Video \Watchdog \Windows \WMI \WOW \hivelist \ServiceCurrent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] Lsa\\Authentication Packages - msv1_0;nwprovau; Lsa\\Bounds - 00 30 00 00 00 20 00 00 Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest; Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1 Lsa\\LsaPid - 348 Lsa\\SecureBoot - 1 Lsa\\auditbaseobjects - 0 Lsa\\crashonauditfail - 0 Lsa\\disabledomaincreds - 0 Lsa\\everyoneincludesanonymous - 0 Lsa\\fipsalgorithmpolicy - 0 Lsa\\forceguest - 1 Lsa\\fullprivilegeauditing - 00 Lsa\\limitblankpassworduse - 1 Lsa\\lmcompatibilitylevel - 0 Lsa\\nodefaultadminowner - 1 Lsa\\nolmhash - 0 Lsa\\restrictanonymous - 0 Lsa\\restrictanonymoussam - 1 Lsa\\Notification Packages - scecli; Lsa\\enabledcom - y \AccessProviders \Audit \Data \GBG \JD \Kerberos \MSV1_0 \Skew1 \SSO \SspiCache HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] Parameters\\autodisconnect - 15 Parameters\\enableforcedlogoff - 1 Parameters\\enablesecuritysignature - 0 Parameters\\requiresecuritysignature - 0 Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser; Parameters\\NullSessionShares - COMCFG;DFS$; Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll Parameters\\Lmannounce - 0 Parameters\\Size - 1 Parameters\\Guid - E0 ED B7 63 09 0C E1 48 87 97 60 0E 36 44 4D FC Parameters\\AdjustedNullSessionPipes - 1 Parameters\\CachedOpenLimit - 0 Parameters\\srvcomment - Home HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters] Parameters\\autodisconnect - 15 Parameters\\enableforcedlogoff - 1 Parameters\\enablesecuritysignature - 0 Parameters\\requiresecuritysignature - 0 Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser; Parameters\\NullSessionShares - COMCFG;DFS$; Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll Parameters\\Lmannounce - 0 Parameters\\Size - 1 Parameters\\Guid - AA DF A6 28 8B 04 6E 43 93 35 1C DF 1B 75 9C D2 Parameters\\AdjustedNullSessionPipes - 1 Parameters\\CachedOpenLimit - 0 Parameters\\srvcomment - Home HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters] Parameters\\enableplaintextpassword - 0 Parameters\\enablesecuritysignature - 1 Parameters\\requiresecuritysignature - 0 Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll Parameters\\OtherDomains - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters] Parameters\\enableplaintextpassword - 0 Parameters\\enablesecuritysignature - 1 Parameters\\requiresecuritysignature - 0 Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll Parameters\\OtherDomains - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] SharedAccess\\DependOnGroup - SharedAccess\\DependOnService - Netman;WinMgmt; SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS) SharedAccess\\ErrorControl - 1 SharedAccess\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs SharedAccess\\ObjectName - LocalSystem SharedAccess\\Start - 2 SharedAccess\\Type - 32 \Epoch \Parameters \Setup \Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. RemoteRegistry\\DependOnService - RPCSS; RemoteRegistry\\DisplayName - Remote Registry RemoteRegistry\\ErrorControl - 1 RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService RemoteRegistry\\Group - RemoteRegistry\\Start - 2 RemoteRegistry\\Type - 32 RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 \Parameters \Security \Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry] RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. RemoteRegistry\\DependOnService - RPCSS; RemoteRegistry\\DisplayName - Remote Registry RemoteRegistry\\ErrorControl - 1 RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService RemoteRegistry\\Group - RemoteRegistry\\Start - 2 RemoteRegistry\\Type - 32 RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 \Parameters \Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - No SUBKEYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - No SUBKEYS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr] TlntSvr\\Type - 16 TlntSvr\\Start - 4 TlntSvr\\ErrorControl - 1 TlntSvr\\ImagePath - C:\WINDOWS\system32\tlntsvr.exe TlntSvr\\DisplayName - Telnet TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP; TlntSvr\\DependOnGroup - TlntSvr\\ObjectName - LocalSystem TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. \Security HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr] TlntSvr\\Type - 16 TlntSvr\\Start - 4 TlntSvr\\ErrorControl - 1 TlntSvr\\ImagePath - C:\WINDOWS\system32\tlntsvr.exe TlntSvr\\DisplayName - Telnet TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP; TlntSvr\\DependOnGroup - TlntSvr\\ObjectName - LocalSystem TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. \Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv] wuauserv\\Type - 32 wuauserv\\Start - 2 wuauserv\\ErrorControl - 1 wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs wuauserv\\DisplayName - Automatic Updates wuauserv\\ObjectName - LocalSystem wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. \Parameters \Security \Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv] wuauserv\\Type - 32 wuauserv\\Start - 2 wuauserv\\ErrorControl - 1 wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs wuauserv\\DisplayName - Automatic Updates wuauserv\\ObjectName - LocalSystem wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. \Parameters \Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings] Internet Settings\\ProxyEnable - 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] Internet Settings\\ProxyEnable - 0 >>>>Output for AddOn file BotCheck_Subs.def<<<< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] Ole\\DefaultLaunchPermission - 01 00 04 80 5C 00 00 00 6C 00 00 00 00 00 00 00 14 00 00 00 02 00 48 00 03 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 Ole\\EnableDCOM - Y Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} - 1 Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} - 1 Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} - 1 Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} - 1 Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] Security Center\\FirstRunDisabled - 1 Security Center\\AntiVirusDisableNotify - 1 Security Center\\FirewallDisableNotify - 1 Security Center\\UpdatesDisableNotify - 0 Security Center\\AntiVirusOverride - 0 Security Center\\FirewallOverride - 0 Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring - 1 Security Center\Monitoring\SymantecFirewall\\DisableMonitoring - 1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - Include SUBKEYS HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - not found. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - Include SUBKEYS HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - not found. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - Include SUBKEYS HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] Control\\CurrentUser - USERNAME Control\\WaitToKillServiceTimeout - 20000 Control\\SystemStartOptions - NOEXECUTE=OPTIN FASTDETECT SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(2) \AGP \Arbiters \BackupRestore \Biosinfo \Biosinfo \Class \Class \COM Name Arbite \ComputerName \ContentIndex \ContentIndex \CrashControl \CrashControl \DeviceClasses \EFR \FileSystem \GraphicsDrivers \GroupOrderList \HAL \IDConfigDB \Keyboard Layout \Keyboard Layout \Lsa \MediaCategories \MediaInterfaces \MediaProperties \MediaResources \MediaSets \MediumCache \MSPaper \Network \NetworkProvider \Nls \NodeInterfaces \NTMS \PnP \Print \PriorityControl \ProductOptions \SafeBoot \ScsiPort \ScsiPort \ScsiPort \ScsiPort \ScsiPort \ServiceProvider \Session Manager \Setup \StillImage \SystemResources \Terminal Server \Terminal Server \Update \UsbFlags \Video \Video \Watchdog \Windows \WMI \WOW \hivelist \ServiceCurrent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] Lsa\\Authentication Packages - msv1_0;nwprovau; Lsa\\Bounds - 00 30 00 00 00 20 00 00 Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest; Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1 Lsa\\LsaPid - 348 Lsa\\SecureBoot - 1 Lsa\\auditbaseobjects - 0 Lsa\\crashonauditfail - 0 Lsa\\disabledomaincreds - 0 Lsa\\everyoneincludesanonymous - 0 Lsa\\fipsalgorithmpolicy - 0 Lsa\\forceguest - 1 Lsa\\fullprivilegeauditing - 00 Lsa\\limitblankpassworduse - 1 Lsa\\lmcompatibilitylevel - 0 Lsa\\nodefaultadminowner - 1 Lsa\\nolmhash - 0 Lsa\\restrictanonymous - 0 Lsa\\restrictanonymoussam - 1 Lsa\\Notification Packages - scecli; Lsa\\enabledcom - y Lsa\AccessProviders\\ProviderOrder - Windows NT Access Provider; Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath - %SystemRoot%\system32\ntmarta.dll Lsa\Data\\Pattern - 78 AA A0 D3 11 5A 07 E5 65 C4 8E 0E 4E B8 F9 54 36 61 32 66 30 38 34 66 00 00 00 00 1B 88 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 D8 B2 F2 F5 48 EF 2F E8 5A 71 49 6A Lsa\GBG\\GrafBlumGroup - 1B 70 B0 20 23 9C E4 33 EB Lsa\JD\\Lookup - 02 D8 7F 17 08 F5 Lsa\MSV1_0\\Auth132 - IISSUBA Lsa\MSV1_0\\ntlmminclientsec - 0 Lsa\MSV1_0\\ntlmminserversec - 0 Lsa\Skew1\\SkewMatrix - 71 13 E7 FC CA 46 76 35 72 51 FA 9B AE 1B A3 DA Lsa\SSO\Passport1.4\\SSOURL - http://www.passport.com Lsa\SspiCache\\Time - 84 13 93 01 FC D3 C5 01 Lsa\SspiCache\digest.dll\\Name - Digest Lsa\SspiCache\digest.dll\\Comment - Digest SSPI Authentication Package Lsa\SspiCache\digest.dll\\Capabilities - 16464 Lsa\SspiCache\digest.dll\\RpcId - 65535 Lsa\SspiCache\digest.dll\\Version - 1 Lsa\SspiCache\digest.dll\\TokenSize - 65535 Lsa\SspiCache\digest.dll\\Time - 00 60 DB 8F D1 7E C4 01 Lsa\SspiCache\digest.dll\\Type - 49 Lsa\SspiCache\msapsspc.dll\\Name - DPA Lsa\SspiCache\msapsspc.dll\\Comment - DPA Security Package Lsa\SspiCache\msapsspc.dll\\Capabilities - 55 Lsa\SspiCache\msapsspc.dll\\RpcId - 17 Lsa\SspiCache\msapsspc.dll\\Version - 1 Lsa\SspiCache\msapsspc.dll\\TokenSize - 768 Lsa\SspiCache\msapsspc.dll\\Time - 00 88 7C E3 96 7E C4 01 Lsa\SspiCache\msapsspc.dll\\Type - 49 Lsa\SspiCache\msnsspc.dll\\Name - MSN Lsa\SspiCache\msnsspc.dll\\Comment - MSN Security Package Lsa\SspiCache\msnsspc.dll\\Capabilities - 55 Lsa\SspiCache\msnsspc.dll\\RpcId - 18 Lsa\SspiCache\msnsspc.dll\\Version - 1 Lsa\SspiCache\msnsspc.dll\\TokenSize - 768 Lsa\SspiCache\msnsspc.dll\\Time - 00 60 DB 8F D1 7E C4 01 Lsa\SspiCache\msnsspc.dll\\Type - 49 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] Parameters\\autodisconnect - 15 Parameters\\enableforcedlogoff - 1 Parameters\\enablesecuritysignature - 0 Parameters\\requiresecuritysignature - 0 Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser; Parameters\\NullSessionShares - COMCFG;DFS$; Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll Parameters\\Lmannounce - 0 Parameters\\Size - 1 Parameters\\Guid - E0 ED B7 63 09 0C E1 48 87 97 60 0E 36 44 4D FC Parameters\\AdjustedNullSessionPipes - 1 Parameters\\CachedOpenLimit - 0 Parameters\\srvcomment - Home HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters] Parameters\\autodisconnect - 15 Parameters\\enableforcedlogoff - 1 Parameters\\enablesecuritysignature - 0 Parameters\\requiresecuritysignature - 0 Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser; Parameters\\NullSessionShares - COMCFG;DFS$; Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll Parameters\\Lmannounce - 0 Parameters\\Size - 1 Parameters\\Guid - AA DF A6 28 8B 04 6E 43 93 35 1C DF 1B 75 9C D2 Parameters\\AdjustedNullSessionPipes - 1 Parameters\\CachedOpenLimit - 0 Parameters\\srvcomment - Home HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters] Parameters\\enableplaintextpassword - 0 Parameters\\enablesecuritysignature - 1 Parameters\\requiresecuritysignature - 0 Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll Parameters\\OtherDomains - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters] Parameters\\enableplaintextpassword - 0 Parameters\\enablesecuritysignature - 1 Parameters\\requiresecuritysignature - 0 Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll Parameters\\OtherDomains - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] SharedAccess\\DependOnGroup - SharedAccess\\DependOnService - Netman;WinMgmt; SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS) SharedAccess\\ErrorControl - 1 SharedAccess\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs SharedAccess\\ObjectName - LocalSystem SharedAccess\\Start - 2 SharedAccess\\Type - 32 SharedAccess\Epoch\\Epoch - 3665 SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe - %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe - C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe - C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe - C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe - C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe - C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe - C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe - C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe - C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe - C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe - C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe - C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe - C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe - C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Enabled:dfbhd SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.10.0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe - C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Desktop\ra2\RA2\Game.exe - C:\Documents and Settings\HP_Administrator\Desktop\ra2\RA2\Game.exe:*:Disabled:Main executable for Red Alert 2 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Guild Wars\Gw.exe - C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Gw SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Desktop\runescape.exe - C:\Documents and Settings\HP_Administrator\Desktop\runescape.exe:*:Enabled:runescape SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Symantec\LiveUpdate\LUALL.EXE - C:\Program Files\Symantec\LiveUpdate\LUALL.EXE:*:Enabled:LiveUpdate SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mop\iMop\iMop.exe - C:\Program Files\Mop\iMop\iMop.exe:*:Enabled:iMop SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mop\iMop\iMoppros.exe - C:\Program Files\Mop\iMop\iMoppros.exe:*:Enabled:iMop Accelerator For Internet Explorer SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\102949.exe - C:\WINDOWS\Temp\102949.exe:*:Enabled:DM SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\102131.exe - C:\WINDOWS\Temp\102131.exe:*:Enabled:DM SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe - C:\Program Files\eMule\emule.exe:*:Disabled:eMule SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Rise of Nations\rise.exe - C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe - C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE - C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe - C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe - C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe - C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BearShare Applications\BearShare\BearShare.exe - C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 SharedAccess\Setup\\ServiceUpgrade - 1 SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All - 1 SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000 SharedAccess\Enum\\Count - 1 SharedAccess\Enum\\NextInstance - 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. RemoteRegistry\\DependOnService - RPCSS; RemoteRegistry\\DisplayName - Remote Registry RemoteRegistry\\ErrorControl - 1 RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService RemoteRegistry\\Group - RemoteRegistry\\Start - 2 RemoteRegistry\\Type - 32 RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 RemoteRegistry\Parameters\\ServiceDll - %SystemRoot%\system32\regsvc.dll RemoteRegistry\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 RemoteRegistry\Enum\\0 - Root\LEGACY_REMOTEREGISTRY\0000 RemoteRegistry\Enum\\Count - 1 RemoteRegistry\Enum\\NextInstance - 1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry] RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. RemoteRegistry\\DependOnService - RPCSS; RemoteRegistry\\DisplayName - Remote Registry RemoteRegistry\\ErrorControl - 1 RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService RemoteRegistry\\Group - RemoteRegistry\\Start - 2 RemoteRegistry\\Type - 32 RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 RemoteRegistry\Parameters\\ServiceDll - %SystemRoot%\system32\regsvc.dll RemoteRegistry\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - Include SUBKEYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - Include SUBKEYS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr] TlntSvr\\Type - 16 TlntSvr\\Start - 4 TlntSvr\\ErrorControl - 1 TlntSvr\\ImagePath - C:\WINDOWS\system32\tlntsvr.exe TlntSvr\\DisplayName - Telnet TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP; TlntSvr\\DependOnGroup - TlntSvr\\ObjectName - LocalSystem TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. TlntSvr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr] TlntSvr\\Type - 16 TlntSvr\\Start - 4 TlntSvr\\ErrorControl - 1 TlntSvr\\ImagePath - C:\WINDOWS\system32\tlntsvr.exe TlntSvr\\DisplayName - Telnet TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP; TlntSvr\\DependOnGroup - TlntSvr\\ObjectName - LocalSystem TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. TlntSvr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv] wuauserv\\Type - 32 wuauserv\\Start - 2 wuauserv\\ErrorControl - 1 wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs wuauserv\\DisplayName - Automatic Updates wuauserv\\ObjectName - LocalSystem wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000 wuauserv\Enum\\Count - 1 wuauserv\Enum\\NextInstance - 1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv] wuauserv\\Type - 32 wuauserv\\Start - 2 wuauserv\\ErrorControl - 1 wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs wuauserv\\DisplayName - Automatic Updates wuauserv\\ObjectName - LocalSystem wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings] Internet Settings\\ProxyEnable - 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] Internet Settings\\ProxyEnable - 0 >>>>Output for AddOn file Exe_Test.def<<<< DIR C:\WINDOWS\*.exe (Parameters = ) C:\WINDOWS\agrsmdel.exe( (Agere Systems)) C:\WINDOWS\ALCMTR.EXE( (Realtek Semiconductor Corp.)) C:\WINDOWS\ALCWZRD.EXE( (RealTek Semicoductor Corp.)) C:\WINDOWS\arpwrmsg.exe( (Microsoft)) C:\WINDOWS\arservice.exe( (Microsoft)) C:\WINDOWS\choice.exe( ()) C:\WINDOWS\CtDrvIns.exe( (Creative Technology Ltd.)) C:\WINDOWS\Ctregrun.exe( (Creative Technology Ltd )) C:\WINDOWS\explorer.exe( (Microsoft Corporation)) C:\WINDOWS\hh.exe( (Microsoft Corporation)) C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe( ()) C:\WINDOWS\IsUninst.exe( (InstallShield Software Corporation)) C:\WINDOWS\iun6002.exe( (Indigo Rose Corporation)) C:\WINDOWS\kb913800.exe( (Microsoft Corporation)) C:\WINDOWS\MicCal.exe( (Realtek Semiconductor Corp.)) C:\WINDOWS\NOTEPAD.EXE( (Microsoft Corporation)) C:\WINDOWS\P1120Cfg.exe( (Creative Technology Ltd.)) C:\WINDOWS\regedit.exe( (Microsoft Corporation)) C:\WINDOWS\RTHDCPL.EXE( (Realtek Semiconductor Corp.)) C:\WINDOWS\RTLCPL.EXE( (Realtek Semiconductor Corp.)) C:\WINDOWS\SOUNDMAN.EXE( (Realtek Semiconductor Corp.)) C:\WINDOWS\TASKMAN.EXE( (Microsoft Corporation)) C:\WINDOWS\twunk_16.exe( (Twain Working Group)) C:\WINDOWS\twunk_32.exe( (Twain Working Group)) C:\WINDOWS\UninstallFirefox.exe( ()) C:\WINDOWS\winhelp.exe( (Microsoft Corporation)) C:\WINDOWS\winhlp32.exe( (Microsoft Corporation)) DIR C:\*.* (Parameters = ) C:\appdata.txt( ()) C:\athmnalo.txt( ()) C:\AUTOEXEC.BAT( ()) C:\au_appdata.txt( ()) C:\avenger.txt( ()) C:\BOOT.BAK( ()) C:\boot.ini( ()) C:\CdnFiles.txt( ()) C:\cmldr( ()) C:\ComboFix.txt( ()) C:\ComboFix2.txt( ()) C:\CONFIG.SYS( ()) C:\CtDrvIns.log( ()) C:\CtDrvStp.log( ()) C:\Export.txt( ()) C:\filesearch.txt( ()) C:\IO.SYS( ()) C:\liiqsbnd.txt( ()) C:\MSDOS.SYS( ()) C:\NTDETECT.COM( ()) C:\ntldr( ()) C:\Report.txt( ()) C:\resolve.log( ()) C:\sqmnoopt00.sqm( ()) C:\StubInstaller.exe( (LimeWire)) C:\threatalerts.txt( ()) DIR C:\Program Files\*.* (Parameters = ) File C:\Program Files\*.* was not found! >>>>Output for AddOn file FileAssoc.def<<<< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat] .bat\\ - batfile \PersistentHandler HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile] batfile\\ - MS-DOS Batch File batfile\\EditFlags - 30 04 00 00 batfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,-153 batfile\shell\edit\command\\ - %SystemRoot%\System32\NOTEPAD.EXE %1 batfile\shell\open\\EditFlags - 00 00 00 00 batfile\shell\open\command\\ - "%1" %* batfile\shell\print\command\\ - %SystemRoot%\System32\NOTEPAD.EXE /p %1 batfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D} batfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D} batfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd] .cmd\\ - cmdfile \PersistentHandler HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile] cmdfile\\ - Windows NT Command Script cmdfile\\EditFlags - 30 04 00 00 cmdfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,-153 cmdfile\shell\edit\command\\ - %SystemRoot%\System32\NOTEPAD.EXE %1 cmdfile\shell\open\\EditFlags - 00 00 00 00 cmdfile\shell\open\command\\ - "%1" %* cmdfile\shell\print\command\\ - %SystemRoot%\System32\NOTEPAD.EXE /p %1 cmdfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D} cmdfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D} cmdfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com] .com\\ - comfile \PersistentHandler HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile] comfile\\ - MS-DOS Application comfile\\EditFlags - 30 00 00 00 comfile\DefaultIcon\\ - %SystemRoot%\System32\shell32.dll,2 comfile\shell\open\\EditFlags - 00 00 00 00 comfile\shell\open\command\\ - "%1" %* comfile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D} comfile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe] .exe\\ - exefile .exe\\Content Type - application/x-msdownload \PersistentHandler HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile] exefile\\ - Application exefile\\EditFlags - 38 07 00 00 exefile\\TileInfo - prop:FileDescription;Company;FileVersion exefile\\InfoTip - prop:FileDescription;Company;FileVersion;Create;Size exefile\DefaultIcon\\ - %1 exefile\shell\open\\EditFlags - 00 00 00 00 exefile\shell\open\command\\ - "%1" %* exefile\shell\runas\command\\ - "%1" %* exefile\shellex\ContextMenuHandlers\CmdLineExt\\ - {9869EFB4-18E9-11D3-A837-00104B9E30B5} exefile\shellex\DropHandler\\ - {86C86720-42A0-1069-A2E8-08002B30309D} exefile\shellex\PropertySheetHandlers\PifProps\\ - {86F19A00-42A0-1069-A2E9-08002B30309D} exefile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\\ - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk] .lnk\\ - lnkfile .lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046} .lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046} .lnk\ShellEx\{00021500-0000-0000-C000-000000000046}\\ - {00021401-0000-0000-C000-000000000046} .lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\\ - {00021401-0000-0000-C000-000000000046} .lnk\ShellNew\\Command - rundll32.exe appwiz.cpl,NewLinkHere %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile] lnkfile\\ - Shortcut lnkfile\\EditFlags - 1 lnkfile\\IsShortcut - lnkfile\\NeverShowExt - lnkfile\CLSID\\ - {00021401-0000-0000-C000-000000000046} lnkfile\shellex\ContextMenuHandlers\Offline Files\\ - {750fdf0e-2a26-11d1-a3ea-080036587f03} lnkfile\shellex\DropHandler\\ - {00021401-0000-0000-C000-000000000046} lnkfile\shellex\IconHandler\\ - {00021401-0000-0000-C000-000000000046} lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page\\ - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} HKEY_CURRENT_USER\SOFTWARE\Classes\.bat - No SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\.bat - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\batfile - Include SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\batfile - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\.cmd - No SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\.cmd - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile - Include SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\.com - No SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\.com - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\comfile - Include SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\comfile - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\.exe - No SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\.exe - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\exefile - Include SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\exefile - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\.lnk - Include SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\.lnk - not found. HKEY_CURRENT_USER\SOFTWARE\Classes\lnkfile - Include SUBKEYS HKEY_CURRENT_USER\SOFTWARE\Classes\lnkfile - not found. >>>>Output for AddOn file HKCU_IEDesktop.def<<<< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop] Desktop\Components\\DeskHtmlVersion - 272 Desktop\Components\\DeskHtmlMinorVersion - 5 Desktop\Components\\Settings - 1 Desktop\Components\\GeneralFlags - 1 Desktop\Components\0\\Source - About:Home Desktop\Components\0\\SubscribedURL - About:Home Desktop\Components\0\\FriendlyName - My Current Home Page Desktop\Components\0\\Flags - 2 Desktop\Components\0\\Position - 2C 00 00 00 40 01 00 00 00 00 00 00 E0 01 00 00 3A 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 Desktop\Components\0\\CurrentState - 04 00 00 40 Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00 Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00 Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Desktop\General\\WallpaperFileTime - 42 1F 21 48 CF ED C6 01 Desktop\General\\WallpaperLocalFileTime - 42 47 C2 9B 94 ED C6 01 Desktop\General\\TileWallpaper - 0 Desktop\General\\WallpaperStyle - 2 Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Desktop\General\\ComponentsPositioned - 1 Desktop\General\Settings\\Text Color 01 - 4 Desktop\General\Settings\\Text Color 02 - 8 Desktop\General\Settings\\Text Color 03 - 21 Desktop\General\Toolbar\\Text Color A - 4 Desktop\General\Toolbar\\Text Color B - 5 Desktop\General\Toolbar\\Text Color C - 27 Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1 Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00 Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt Desktop\SafeMode\General\\VisitGallery - 0 Desktop\Scheme\\Edit - Desktop\Scheme\\Display - >>>>Output for AddOn file Jobs.def<<<< DIR C:\WINDOWS\tasks\*.* (Parameters = Include SubFolders) C:\WINDOWS\tasks\desktop.ini( ()) C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job( ()) C:\WINDOWS\tasks\SA.DAT( ()) >>>>Output for AddOn file Policies.def<<<< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1 policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857 policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32 policies\system\\dontdisplaylastusername - 0 policies\system\\legalnoticecaption - policies\system\\legalnoticetext - policies\system\\shutdownwithoutlogon - 1 policies\system\\undockwithoutlogon - 1 policies\system\\InstallVisualStyle - C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles policies\system\\InstallTheme - C:\WINDOWS\Resources\Themes\Royale.theme HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] policies\Explorer\\NoDriveTypeAutoRun - 145 >>>>Output for AddOn file Security.def<<<< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] Security Center\\FirstRunDisabled - 1 Security Center\\AntiVirusDisableNotify - 1 Security Center\\FirewallDisableNotify - 1 Security Center\\UpdatesDisableNotify - 0 Security Center\\AntiVirusOverride - 0 Security Center\\FirewallOverride - 0 Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring - 1 Security Center\Monitoring\SymantecFirewall\\DisableMonitoring - 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS] BITS\\Type - 32 BITS\\Start - 3 BITS\\ErrorControl - 1 BITS\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs BITS\\DisplayName - Background Intelligent Transfer Service BITS\\DependOnService - RpcSs; BITS\\DependOnGroup - BITS\\ObjectName - LocalSystem BITS\\Description - Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 BITS\Parameters\\ServiceDll - C:\WINDOWS\system32\qmgr.dll BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 BITS\Enum\\0 - Root\LEGACY_BITS\0000 BITS\Enum\\Count - 1 BITS\Enum\\NextInstance - 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] SharedAccess\\DependOnGroup - SharedAccess\\DependOnService - Netman;WinMgmt; SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS) SharedAccess\\ErrorControl - 1 SharedAccess\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs SharedAccess\\ObjectName - LocalSystem SharedAccess\\Start - 2 SharedAccess\\Type - 32 SharedAccess\Epoch\\Epoch - 3665 SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe - %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe - C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe - C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe - C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe - C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe - C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe - C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe - C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe - C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe - C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe - C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe - C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe - C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe - C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Enabled:dfbhd SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.10.0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe - C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Desktop\ra2\RA2\Game.exe - C:\Documents and Settings\HP_Administrator\Desktop\ra2\RA2\Game.exe:*:Disabled:Main executable for Red Alert 2 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Guild Wars\Gw.exe - C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Gw SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Desktop\runescape.exe - C:\Documents and Settings\HP_Administrator\Desktop\runescape.exe:*:Enabled:runescape SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Symantec\LiveUpdate\LUALL.EXE - C:\Program Files\Symantec\LiveUpdate\LUALL.EXE:*:Enabled:LiveUpdate SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mop\iMop\iMop.exe - C:\Program Files\Mop\iMop\iMop.exe:*:Enabled:iMop SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mop\iMop\iMoppros.exe - C:\Program Files\Mop\iMop\iMoppros.exe:*:Enabled:iMop Accelerator For Internet Explorer SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\102949.exe - C:\WINDOWS\Temp\102949.exe:*:Enabled:DM SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\102131.exe - C:\WINDOWS\Temp\102131.exe:*:Enabled:DM SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe - C:\Program Files\eMule\emule.exe:*:Disabled:eMule SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Rise of Nations\rise.exe - C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe - C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE - C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe - C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe - C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe - C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BearShare Applications\BearShare\BearShare.exe - C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 SharedAccess\Setup\\ServiceUpgrade - 1 SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All - 1 SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000 SharedAccess\Enum\\Count - 1 SharedAccess\Enum\\NextInstance - 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv] wuauserv\\Type - 32 wuauserv\\Start - 2 wuauserv\\ErrorControl - 1 wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs wuauserv\\DisplayName - Automatic Updates wuauserv\\ObjectName - LocalSystem wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000 wuauserv\Enum\\Count - 1 wuauserv\Enum\\NextInstance - 1 >>>>Output for AddOn file ShellState.def<<<< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer - No SUBKEYS [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer] Explorer\\WebFindBandHook - {68F2D3FC-8366-4a46-8224-58EFA2749425} Explorer\\FileFindBandHook - {FFAC7A18-EDF9-40de-BA3F-49FC2269855E} Explorer\\Logon User Name - HP_Administrator Explorer\\ShellState - 24 00 00 00 38 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0D 00 00 00 00 00 00 00 02 00 00 00 Explorer\\CleanShutdown - 0 Explorer\\FaultCount - 0 Explorer\\FaultTime - 0 Explorer\\Browse For Folder Width - 318 Explorer\\Browse For Folder Height - 288 Explorer\\SearchSystemDirs - 1 Explorer\\SearchHidden - 0 Explorer\\IncludeSubFolders - 1 Explorer\\CaseSensitive - 0 Explorer\\SearchSlowFiles - 0 Explorer\\Shutdown Setting - 4 Explorer\\Reason Setting - 255 Explorer\\link - 1E 00 00 00 Explorer\\WebKwClsid - 9A8F4C3D008075EEDC61925DAC6BC0D261A2DE11BD1A1876B017A7CECB6B0ACE04F5234171D6058B503DA8BBA7096D6FFB90747C28D58C3CF2895FBB049BCCBDACA1929E1D5402F31F0DE8927760D13353FC Explorer\\IconUnderline - ; Explorer\\NoFileFolderConnection - 0 Explorer\\EnableAutoTray - 1 \Advanced \AutoComplete \AutoplayHandlers \BitBucket \CabinetState \CD Burning \CLSID \ComDlg32 \ComputerDescriptions \Desktop \Discardable \FileExts \HideMyComputerIcons \MenuOrder \MountPoints2 \MyComputer \NewShortcutHandlers \PropSummary \PublishingWizard \RecentDocs \RunMRU \Shell Folders \ShellImageView \SmallIcons \StartPage \StreamMRU \Streams \StuckRects2 \tips \TrayNotify \User Shell Folders \UserAssist \VisualEffects \Wallpaper \WebView \WorkgroupCrawler \SessionInfo >>>>Output for AddOn file SID_Run_Policies.def<<<< HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies] Policies\Explorer\\NoDriveTypeAutoRun - 145 HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies] Policies\Explorer\\NoDriveTypeAutoRun - 145 >>>>Output for AddOn file Svc_Tcpip.def<<<< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip] Tcpip\\Type - 1 Tcpip\\Start - 1 Tcpip\\ErrorControl - 1 Tcpip\\Tag - 3 Tcpip\\ImagePath - system32\DRIVERS\tcpip.sys Tcpip\\DisplayName - TCP/IP Protocol Driver Tcpip\\Group - PNP_TDI Tcpip\\DependOnService - IPSec; Tcpip\\DependOnGroup - Tcpip\\Description - TCP/IP Protocol Driver Tcpip\Linkage\\Bind - \Device\{30B41D9D-62B8-450A-8425-17C9A8956422};\Device\{E454848F-8496-479A-A49E-EF2E6AC32203};\Device\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37};\Device\NdisWanIp; Tcpip\Linkage\\Route - "{30B41D9D-62B8-450A-8425-17C9A8956422}";"{E454848F-8496-479A-A49E-EF2E6AC32203}";"{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}";"NdisWanIp"; Tcpip\Linkage\\Export - \Device\Tcpip_{30B41D9D-62B8-450A-8425-17C9A8956422};\Device\Tcpip_{E454848F-8496-479A-A49E-EF2E6AC32203};\Device\Tcpip_{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37};\Device\Tcpip_{806D2A77-DA02-437A-8697-82CEA873675A};\Device\Tcpip_{5AB0B083-40AF-4683-96A9-1B28EF6F403D}; Tcpip\Parameters\\NV Hostname - your-55e5f9e3d2 Tcpip\Parameters\\DataBasePath - %SystemRoot%\System32\drivers\etc Tcpip\Parameters\\NameServer - Tcpip\Parameters\\ForwardBroadcasts - 0 Tcpip\Parameters\\IPEnableRouter - 0 Tcpip\Parameters\\Domain - Tcpip\Parameters\\Hostname - your-55e5f9e3d2 Tcpip\Parameters\\SearchList - Tcpip\Parameters\\UseDomainNameDevolution - 1 Tcpip\Parameters\\EnableICMPRedirect - 1 Tcpip\Parameters\\DeadGWDetectDefault - 1 Tcpip\Parameters\\DontAddDefaultGatewayDefault - 0 Tcpip\Parameters\\EnableSecurityFilters - 0 Tcpip\Parameters\\EnablePMTUDiscovery - 1 Tcpip\Parameters\\TcpWindowSize - 20888 Tcpip\Parameters\\SackOpts - 1 Tcpip\Parameters\\DhcpNameServer - 64.59.144.92 64.59.144.93 Tcpip\Parameters\\DhcpDomain - vn.shawcable.net Tcpip\Parameters\Adapters\NdisWanIp\\LLInterface - WANARP Tcpip\Parameters\Adapters\NdisWanIp\\IpConfig - Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A};Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}; Tcpip\Parameters\Adapters\NdisWanIp\\NumInterfaces - 2 Tcpip\Parameters\Adapters\NdisWanIp\\IpInterfaces - 77 2A 6D 80 02 DA 7A 43 86 97 82 CE A8 73 67 5A 83 B0 B0 5A AF 40 83 46 96 A9 1B 28 EF 6F 40 3D Tcpip\Parameters\Adapters\{30B41D9D-62B8-450A-8425-17C9A8956422}\\LLInterface - ARP1394 Tcpip\Parameters\Adapters\{30B41D9D-62B8-450A-8425-17C9A8956422}\\IpConfig - Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}; Tcpip\Parameters\Adapters\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\LLInterface - Tcpip\Parameters\Adapters\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\IpConfig - Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}; Tcpip\Parameters\Adapters\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\LLInterface - Tcpip\Parameters\Adapters\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\IpConfig - Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}; Tcpip\Parameters\Adapters\{E454848F-8496-479A-A49E-EF2E6AC32203}\\LLInterface - Tcpip\Parameters\Adapters\{E454848F-8496-479A-A49E-EF2E6AC32203}\\IpConfig - Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}; Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\UseZeroBroadcast - 0 Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\EnableDHCP - 1 Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\IPAddress - 0.0.0.0; Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\SubnetMask - 0.0.0.0; Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\DefaultGateway - Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\DefaultGatewayMetric - Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\NameServer - Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\Domain - Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\RegistrationEnabled - 1 Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\RegisterAdapterName - 0 Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\TCPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\UDPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\RawIPAllowedProtocols - 0; Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\MTU - 1492 Tcpip\Parameters\Interfaces\{30B41D9D-62B8-450A-8425-17C9A8956422}\\TcpWindowSize - 20888 Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\UseZeroBroadcast - 0 Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\EnableDeadGWDetect - 1 Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\EnableDHCP - 1 Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\IPAddress - 0.0.0.0; Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\SubnetMask - 0.0.0.0; Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\DefaultGateway - Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\DefaultGatewayMetric - Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\NameServer - Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\Domain - Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\RegistrationEnabled - 1 Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\RegisterAdapterName - 0 Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\TCPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\UDPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\RawIPAllowedProtocols - 0; Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\NTEContextList - Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\DhcpClassIdBin - Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\MTU - 1492 Tcpip\Parameters\Interfaces\{32382C74-6CCE-4FD9-91F6-87188DFA2095}\\TcpWindowSize - 20888 Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\UseZeroBroadcast - 0 Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\EnableDHCP - 0 Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\IPAddress - 0.0.0.0; Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\SubnetMask - 0.0.0.0; Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\DefaultGateway - Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\EnableDeadGWDetect - 1 Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\DontAddDefaultGateway - 0 Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\MTU - 1492 Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\\TcpWindowSize - 20888 Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\UseZeroBroadcast - 0 Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\EnableDHCP - 0 Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\IPAddress - 0.0.0.0; Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\SubnetMask - 0.0.0.0; Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\DefaultGateway - Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\EnableDeadGWDetect - 1 Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\DontAddDefaultGateway - 0 Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\MTU - 1492 Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}\\TcpWindowSize - 20888 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\UseZeroBroadcast - 0 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\EnableDeadGWDetect - 1 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\EnableDHCP - 1 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\IPAddress - 0.0.0.0; Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\SubnetMask - 0.0.0.0; Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DefaultGateway - Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DefaultGatewayMetric - Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\NameServer - Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\Domain - Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\RegistrationEnabled - 1 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\RegisterAdapterName - 0 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\TCPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\UDPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\RawIPAllowedProtocols - 0; Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\NTEContextList - 0x00000002; Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DhcpClassIdBin - Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DhcpServer - 10.1.1.1 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\Lease - 600 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\LeaseObtainedTime - 1120286053 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\T1 - 1120286353 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\T2 - 1120286578 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\LeaseTerminatesTime - 1120286653 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\IPAutoconfigurationAddress - 0.0.0.0 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\IPAutoconfigurationMask - 255.255.0.0 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\IPAutoconfigurationSeed - 0 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\AddressType - 0 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DhcpIPAddress - 10.1.2.213 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DhcpSubnetMask - 255.255.252.0 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DhcpDomain - sgt.cpqcorp.net Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\DhcpSubnetMaskOpt - 255.255.252.0; Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\MTU - 1492 Tcpip\Parameters\Interfaces\{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\\TcpWindowSize - 20888 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\UseZeroBroadcast - 0 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\EnableDeadGWDetect - 1 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\EnableDHCP - 1 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\IPAddress - 0.0.0.0; Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\SubnetMask - 0.0.0.0; Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DefaultGateway - Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DefaultGatewayMetric - Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\NameServer - Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\Domain - Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\RegistrationEnabled - 1 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\RegisterAdapterName - 0 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\TCPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\UDPAllowedPorts - 0; Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\RawIPAllowedProtocols - 0; Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\NTEContextList - 0x00000002; Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpClassIdBin - Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpServer - 64.59.144.80 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\Lease - 86593 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\LeaseObtainedTime - 1160778231 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\T1 - 1160821527 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\T2 - 1160853999 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\LeaseTerminatesTime - 1160864824 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\IPAutoconfigurationAddress - 0.0.0.0 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\IPAutoconfigurationMask - 255.255.0.0 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\IPAutoconfigurationSeed - 0 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\AddressType - 0 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\MTU - 1492 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\TcpWindowSize - 20888 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpIPAddress - 24.87.58.39 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpSubnetMask - 255.255.252.0 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpNameServer - 64.59.144.92 64.59.144.93 Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpDefaultGateway - 24.87.56.1; Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpDomain - vn.shawcable.net Tcpip\Parameters\Interfaces\{E454848F-8496-479A-A49E-EF2E6AC32203}\\DhcpSubnetMaskOpt - 255.255.252.0; Tcpip\Parameters\Winsock\\UseDelayedAcceptance - 0 Tcpip\Parameters\Winsock\\HelperDllName - %SystemRoot%\System32\wshtcpip.dll Tcpip\Parameters\Winsock\\MaxSockAddrLength - 16 Tcpip\Parameters\Winsock\\MinSockAddrLength - 16 Tcpip\Parameters\Winsock\\Mapping - 0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 Tcpip\Performance\\Close - CloseTcpIpPerformanceData Tcpip\Performance\\Collect - CollectTcpIpPerformanceData Tcpip\Performance\\Library - Perfctrs.dll Tcpip\Performance\\Open - OpenTcpIpPerformanceData Tcpip\Performance\\Object List - 502 510 546 582 638 658 Tcpip\Performance\\WbemAdapFileSignature - 96 49 2C 72 1C 6E A5 17 E2 BF D5 38 1F EF 55 E3 Tcpip\Performance\\WbemAdapFileTime - 00 88 7C E3 96 7E C4 01 Tcpip\Performance\\WbemAdapFileSize - 39936 Tcpip\Performance\\WbemAdapStatus - 0 Tcpip\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 Tcpip\ServiceProvider\\Class - 8 Tcpip\ServiceProvider\\DnsPriority - 2000 Tcpip\ServiceProvider\\HostsPriority - 500 Tcpip\ServiceProvider\\LocalPriority - 499 Tcpip\ServiceProvider\\ProviderPath - %SystemRoot%\System32\wsock32.dll Tcpip\ServiceProvider\\NetbtPriority - 2001 Tcpip\ServiceProvider\\Name - TCP/IP Tcpip\Enum\\0 - Root\LEGACY_TCPIP\0000 Tcpip\Enum\\Count - 1 Tcpip\Enum\\NextInstance - 1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters] Parameters\\NV Hostname - your-55e5f9e3d2 Parameters\\DataBasePath - %SystemRoot%\System32\drivers\etc Parameters\\NameServer - Parameters\\ForwardBroadcasts - 0 Parameters\\IPEnableRouter - 0 Parameters\\Domain - Parameters\\Hostname - your-55e5f9e3d2 Parameters\\SearchList - Parameters\\UseDomainNameDevolution - 1 Parameters\\EnableICMPRedirect - 1 Parameters\\DeadGWDetectDefault - 1 Parameters\\DontAddDefaultGatewayDefault - 0 Parameters\\EnableSecurityFilters - 0 Parameters\\EnablePMTUDiscovery - 1 Parameters\\TcpWindowSize - 20888 Parameters\\SackOpts - 1 Parameters\\DhcpNameServer - 64.59.144.92 64.59.144.93 Parameters\\DhcpDomain - vn.shawcable.net \Adapters \DNSRegisteredAdapters \Interfaces \PersistentRoutes \Winsock HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters - No SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters] Parameters\\NV Hostname - your-55e5f9e3d2 Parameters\\DataBasePath - %SystemRoot%\System32\drivers\etc Parameters\\NameServer - Parameters\\ForwardBroadcasts - 0 Parameters\\IPEnableRouter - 0 Parameters\\Domain - Parameters\\Hostname - your-55e5f9e3d2 Parameters\\SearchList - Parameters\\UseDomainNameDevolution - 1 Parameters\\EnableICMPRedirect - 1 Parameters\\DeadGWDetectDefault - 1 Parameters\\DontAddDefaultGatewayDefault - 0 Parameters\\EnableSecurityFilters - 0 Parameters\\EnablePMTUDiscovery - 1 Parameters\\TcpWindowSize - 20888 Parameters\\SackOpts - 1 Parameters\\DhcpNameServer - 64.59.144.92 64.59.144.93 Parameters\\DhcpDomain - vn.shawcable.net \Adapters \DNSRegisteredAdapters \Interfaces \PersistentRoutes \Winsock DIR C:\WINDOWS\system32\drivers\etc\*.* (Parameters = ) C:\WINDOWS\system32\drivers\etc\hosts( ()) C:\WINDOWS\system32\drivers\etc\hosts.bak( ()) C:\WINDOWS\system32\drivers\etc\lmhosts.sam( ()) C:\WINDOWS\system32\drivers\etc\networks( ()) C:\WINDOWS\system32\drivers\etc\protocol( ()) C:\WINDOWS\system32\drivers\etc\services( ()) >>>>Output for AddOn file SvcHost_Check.def<<<< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] Svchost\\HTTPFilter - HTTPFilter; Svchost\\LocalService - Alerter;WebClient;LmHosts;RemoteRegistry;upnphost;SSDPSRV; Svchost\\NetworkService - DnsCache; Svchost\\netsvcs - 6to4;AppMgmt;AudioSrv;Browser;CryptSvc;DMServer;DHCP;ERSvc;EventSystem;FastUserSwitchingCompatibility;HidServ;Ias;Iprip;Irmon;LanmanServer;LanmanWorkstation;Messenger;Netman;Nla;Ntmssvc;NWCWorkstation;Nwsapagent;Rasauto;Rasman;Remoteaccess;Schedule;Seclogon;SENS;Sharedaccess;SRService;Tapisrv;Themes;TrkWks;W32Time;WZCSVC;Wmi;WmdmPmSp;winmgmt;wscsvc;xmlprov;MHN;BITS;wuauserv;ShellHWDetection;helpsvc;WmdmPmSN; Svchost\\DcomLaunch - DcomLaunch;TermService; Svchost\\rpcss - RpcSs; Svchost\\imgsvc - StiSvc; Svchost\\termsvcs - TermService; Svchost\\Usnsvc - usnsvc; Svchost\\WudfServiceGroup - WUDFSvc; \DComLaunch \HTTPFilter \LocalService \netsvcs \PCHealth \termsvcs >>>>Output for AddOn file SystemRestore.def<<<< HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore - Include SUBKEYS HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore - not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr] sr\\Type - 2 sr\\Start - 0 sr\\ErrorControl - 1 sr\\Tag - 4 sr\\ImagePath - system32\DRIVERS\sr.sys sr\\DisplayName - System Restore Filter Driver sr\\Group - FSFilter System Recovery sr\Parameters\\FirstRun - 0 sr\Parameters\\DontBackup - 0 sr\Parameters\\MachineGuid - {B9823275-D858-498B-A4DC-C4EEDA322F67} sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 sr\Enum\\0 - Root\LEGACY_SR\0000 sr\Enum\\Count - 1 sr\Enum\\NextInstance - 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR - Include SUBKEYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR - not found. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr - Include SUBKEYS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr] sr\\Type - 2 sr\\Start - 0 sr\\ErrorControl - 1 sr\\Tag - 4 sr\\ImagePath - system32\DRIVERS\sr.sys sr\\DisplayName - System Restore Filter Driver sr\\Group - FSFilter System Recovery sr\Parameters\\FirstRun - 0 sr\Parameters\\DontBackup - 0 sr\Parameters\\MachineGuid - {B9823275-D858-498B-A4DC-C4EEDA322F67} sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR - Include SUBKEYS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR - not found. >>>>Output for AddOn file ZoneMap.def<<<< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - No SUBKEYS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] ProtocolDefaults\\ - ProtocolDefaults\\http - 3 ProtocolDefaults\\https - 3 ProtocolDefaults\\ftp - 3 ProtocolDefaults\\file - 3 ProtocolDefaults\\@ivt - 1 ProtocolDefaults\\shell - 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - No SUBKEYS [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] ProtocolDefaults\\ - ProtocolDefaults\\http - 3 ProtocolDefaults\\https - 3 ProtocolDefaults\\ftp - 3 ProtocolDefaults\\file - 3 ProtocolDefaults\\@ivt - 1 ProtocolDefaults\\shell - 0 »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»