Logfile created on: 10/30/2006 12:12
WinPFind2 by OldTimer - Version 1.0.12 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind2\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)
< Processes (Non-Microsoft Only) >
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccsetmgr.exe - (Symantec Corporation )
c:\winnt\system32\cpqnimgt\cpqnimgt.exe - (Hewlett-Packard Company )
c:\winnt\system32\cpqrcmc.exe - (Compaq )
c:\winnt\system32\cpqmgmt\cpqwmgmt.exe - (HP Corporation )
c:\winnt\system32\cpqmgmt\cqmghost\cqmghost.exe - (Hewlett-Packard Company )
c:\winnt\system32\cpqmgmt\cqmgserv\cqmgserv.exe - (Hewlett-Packard Company )
c:\winnt\system32\cpqmgmt\cqmgstor\cqmgstor.exe - (Hewlett-Packard Company )
c:\program files\symantec antivirus\defwatch.exe - (Symantec Corporation )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\compaq\hpdiags\hpdiags.exe - ( )
c:\program files\java\j2re1.4.2_01\bin\jusched.exe - ( )
c:\program files\compaq\securepath\agent\securepathagent.exe - (Hewlett Packard Corporation )
c:\winnt\system32\sysdown.exe - (Compaq Computer Corporation )
c:\program files\tapeware\twwinsdr.exe - ( )
c:\compaq\vcagent\vcagent.exe - (Hewlett-Packard Company )
c:\documents and settings\administrator\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\realvnc\vnc4\winvnc4.exe - (RealVNC Ltd. )
< Registry Entries >
[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - about:blank
HKLM->Main\\Search Page -
http://www.microsoft...amp;ar=iesearch HKLM->Main\\Default_Page_URL -
http://www.microsoft...p...&ar=msnhome HKLM->Main\\Default_Search_URL -
http://www.microsoft...amp;ar=iesearch HKLM->Main\\Local Page - C:\WINNT\SYSTEM32\blank.htm
HKCU->Main\\Start Page -
http://www.microsoft...p...&ar=msnhome HKCU->Main\\Search Page -
http://www.microsoft...amp;ar=iesearch HKCU->Main\\Default_Search_URL -
http://www.microsoft.com/isapi HKCU->Main\\Local Page - C:\WINNT\SYSTEM32\blank.htm
HKLM->Search\\CustomizeSearch -
http://ie.search.msn...st/srchcust.htm HKLM->Search\\SearchAssistant -
http://ie.search.msn...st/srchasst.htm HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
[>> BHO's <<]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
[>> Internet Explorer Bars, Toolbars and Extensions <<]
[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
[HKLM-> Internet Explorer ToolBars]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 - Reg Data - Key not found
NextId - 8194
[>> Approved Shell Extensions (Non-Microsoft only) <<]
[HKLM-> Approved Shell Extensions]
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{BDA77241-42F6-11d0-85E2-00AA001FE28C} - LDVP Shell Extensions = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation )
[>> ContextMenuHandlers (Non-Microsoft only) <<]
[HKLM-> ContextMenuHandlers]
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
[>> ColumnHandlers (Non-Microsoft only) <<]
[HKLM-> ColumnHandlers]
[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINNT\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1
[>> Registry Run Keys <<]
HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe ( )
HKCU->Run\\ccleaner - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO (File not found)
[>> Miscellaneous Startup Keys <<]
[AppInit DLLs]
AppInit_DLL - RPCRT3.dll (File not found)
[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d
[Shell Service Object Delay Load]
Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )
[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
[SafeBoot Option]
[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -
[HKCU Command Processor AutoRun]
[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[BootExecute]
Session Manager\\BootExecute - DfsInit;
[PendingFileRenameOperations]
[FileRenameOperations]
[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -
[>> Disabled MSConfig Items <<]
StartUpReg\AtiPTA - AtiPTA = Atiptaxx.exe (ATI Technologies, Inc. )
StartUpReg\CPQTEAM - CPQTEAM = cpqteam.exe (Hewlett-Packard Company )
[>> User Agent Post Platform <<]
[>> Winlogon <<]
HMLM->AltDefaultDomainName - BISSAUSMSCDB2
HMLM->AltDefaultUserName - Administrator
HMLM->AutoAdminLogon - 0
HMLM->DefaultDomainName - BISSAUSMSCDB2
HMLM->DefaultUserName - Administrator
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINNT\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\wzcnotif - wzcdlg.dll (Microsoft Corporation )
[>> DNS Name Servers <<]
{0AF4895B-CA3F-4791-859C-1E80B3331301} - 213.137.128.73,213.137.128.74 (HP NC7781 Gigabit Server Adapter)
{4CEB5FBB-7891-4093-AA6E-9A230F0A10C4} - (HP NC7771 Gigabit Server Adapter)
{862EDDDE-DE83-4A0E-8B70-4AAF9E543B42} - (HP NC7781 Gigabit Server Adapter)
[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
[>> Protocol Handlers (Non-Microsoft only) <<]
hpapp - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll (Hewlett-Packard Company )
hpapp\Apps - (File not found)
ipp - (File not found)
msdaipp - (File not found)
vnd.ms.radio - C:\WINNT\System32\msdxm.ocx ( )
[>> Protocol Filters (Non-Microsoft only) <<]
< Services (Non-Microsoft Only) >
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
HP Insight NIC Agent (CpqNicMgmt) - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
Compaq Remote Monitor Service (CpqRcmc) - C:\WINNT\System32\CpqRcmc.exe (Compaq ) [Automatic - Running - Win32, running in it's own process]
HP Version Control Agent (cpqvcagent) - C:\Compaq\vcagent\vcagent.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
HP Insight Web Agent (CpqWebMgmt) - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe (HP Corporation ) [Automatic - Running - Win32, running in it's own process]
HP Insight Foundation Agent (CqMgHost) - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
HP Insight Server Agents (CqMgServ) - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
HP Insight Storage Agents (CqMgStor) - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
Symantec AntiVirus Definition Watcher (DefWatch) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
HP Insight Diagnostics (hpdiags) - C:\compaq\hpdiags\hpdiags.exe -ntservice_s -l en ( ) [Automatic - Running - Win32, running in it's own process]
Secure Path Agent (SecurePathAgent) - C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe (Hewlett Packard Corporation ) [Automatic - Running - Win32, running in it's own process]
HP ProLiant System Shutdown Service (sysdown) - C:\WINNT\System32\sysdown.exe (Compaq Computer Corporation ) [Automatic - Running - Win32, running in it's own process]
TapeWare (TapeWare) - C:\Program Files\TapeWare\TWWINSDR.EXE ( ) [Automatic - Running - Win32, running in it's own process]
VNC Server Version 4 (WinVNC4) - "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (RealVNC Ltd. ) [Automatic - Running - Win32, running in it's own process]
< Files >
Auto-Start Folders
HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe (Zone Labs Inc. [Ver = 3.0.091 | Size = 299040 bytes | Date = 03/15/2002 20:21 | Attr = ])
HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup
HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup
Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Miscellaneous Folders
AllUsers ApplicationData Folder
CurrentUser ApplicationData Folder
Program Files Folder
C:\Program Files\desktop.ini - ( [Ver = | Size = 271 bytes | Date = 05/01/2004 01:04 | Attr = H ])
C:\Program Files\folder.htt - ( [Ver = | Size = 21952 bytes | Date = 05/01/2004 01:04 | Attr = H ])
Common Files Folder
DPF files
{00134F72-5284-44F7-95A8-52A619F70751} - ObjWinNTCheck Class - CodeBase =
https://192.168.100....ll/WinNTChk.cab{08D75BB0-D2B5-11D1-88FC-0080C859833B} - OfficeScan Corp Edition Web-Deployment SetupINICtrl Class - CodeBase =
https://192.168.100....ll/setupini.cab{08D75BC1-D2B5-11D1-88FC-0080C859833B} - OfficeScan Corp Edition Web-Deployment SetupCtrl Class - CodeBase =
https://192.168.100....stall/setup.cab{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - Encrypt Class - CodeBase =
https://192.168.100....html/AtxEnc.cab{5EFE8CB1-D095-11D1-88FC-0080C859833B} - OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class - CodeBase =
https://192.168.100..../RemoveCtrl.cab{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase =
http://support.f-sec...m/ols/fscax.cab{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase =
http://download.macr...ash/swflash.cabDirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab
Hosts file = 686 bytes. Reading all entries. C:\WINNT\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a "#" symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
# -
127.0.0.1 localhost -
< Add On's >
>>>>Output for AddOn file HKCU_IEDesktop.def<<<<
KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 3
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 5
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 8194
Desktop\Components\0\\Position - 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3C 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 C0
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 F0 01 00 00 1F 00 00 00 80 00 00 00 76 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\WallpaperFileTime - C2 06 E8 36 47 4C C4 01
Desktop\General\\WallpaperLocalFileTime - C2 6E AC 98 4F 4C C4 01
Desktop\General\\ComponentsPositioned - 1
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 0
Desktop\General\\Wallpaper - %USERPROFILE%\Desktop\untitled.bmp
Desktop\General\\BackupWallpaper - %USERPROFILE%\Desktop\untitled.bmp
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 20 03 00 00 3C 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -
>>>>Output for AddOn file Jobs.def<<<<
DIR - C:\WINNT\tasks\*.* - Parameters = Include SubFolders
C:\WINNT\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 07/24/2002 13:00 | Attr = RH ])
C:\WINNT\tasks\RunBackupForDB.job - ( [Ver = | Size = 248 bytes | Date = 10/30/2006 02:25 | Attr = ])
C:\WINNT\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/30/2006 11:29 | Attr = H ])
C:\WINNT\tasks\XoftSpy.job - ( [Ver = | Size = 316 bytes | Date = 01/24/2006 13:50 | Attr = ])
>>>>Output for AddOn file Policies.def<<<<
KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\ActiveDesktop -
policies\ActiveDesktop\AdminComponent -
policies\Explorer -
policies\Explorer\\ShowSuperHidden - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\Ratings -
policies\system -
policies\system\\disablecad - 0
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 0
KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -
KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 149
policies\System -
policies\System\\DisableRegistryTools - 0
KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -
>>>>Output for AddOn file SID_Run_Policies.def<<<<
KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\SrvC - c:\red.exe
KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run not found. -
KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 149
KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies not found. -
< End of report >