Jump to content

what tweaks dose this program use

kurt476

By kurt476
in Windows Tips 'n' Tweaks

 Share

Recommended Posts


kurt476

kurt476

Posted
  • Author
Posted

ok here are these tweaks for supper computer and can some1 help me find out what has has changed like before and after?

hare is the comparesion:

----------------------------------

Keys deleted:1

----------------------------------

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2

----------------------------------

Keys added:5

----------------------------------

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode\Command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP\Command

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories

----------------------------------

Values deleted:2

----------------------------------

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\0\CurrentState: 01 00 00 40

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2\Settings: 28 00 00 00 FF FF FF FF 02 00 00 00 03 00 00 00 6B 00 00 00 1E 00 00 00 00 00 00 00 E2 02 00 00 00 04 00 00 00 03 00 00

----------------------------------

Values added:17

----------------------------------

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode\Command\: ""%1" %* /prefetch:1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode\: "Fast &Launch"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP\Command\: "C:\WINDOWS\system32\cmd.exe /c start "XQSHP" /abovenormal "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP\: "Run in &HighPriority"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\ContigFileAllocSize: 0x00000200

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\NtfsMftZoneReservation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P3\Parameters\HackFlags: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\ContigFileAllocSize: 0x00000200

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsMftZoneReservation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\P3\Parameters\HackFlags: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\Shell Icon Size: "32"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\0\CurrentState: 0x40000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories\Order: 08 00 00 00 02 00 00 00 10 09 00 00 01 00 00 00 0E 00 00 00 F4 00 00 00 00 00 00 00 E6 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 6C 00 31 00 00 00 00 00 BC 32 F6 8B 11 00 41 43 43 45 53 53 7E 31 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 8C B9 14 00 30 00 41 00 63 00 63 00 65 00 73 00 73 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 30 00 18 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 18 00 00 00 66 00 31 00 00 00 00 00 BC 32 28 8B 11 00 41 43 43 45 53 53 7E 31 00 00 32 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 00 00 41 00 63 00 63 00 65 00 73 00 73 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 00 00 18 00 0E 00 00 00 00 00 EF BE 01 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 8E 00 00 00 01 00 00 00 80 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6E 00 31 00 00 00 00 00 BC 32 F7 8B 11 00 43 4F 4D 4D 55 4E 7E 31 00 00 48 00 03 00 04 00 EF BE BC 32 D0 8A BC 32 8C B9 14 00 32 00 43 00 6F 00 6D 00 6D 00 75 00 6E 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 38 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 F4 00 00 00 02 00 00 00 E6 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 6C 00 31 00 00 00 00 00 BC 32 27 8D 11 00 45 4E 54 45 52 54 7E 31 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 8C B9 14 00 30 00 45 00 6E 00 74 00 65 00 72 00 74 00 61 00 69 00 6E 00 6D 00 65 00 6E 00 74 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 37 32 00 18 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 18 00 00 00 66 00 31 00 00 00 00 00 BC 32 28 8B 11 00 45 4E 54 45 52 54 7E 31 00 00 32 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 00 00 45 00 6E 00 74 00 65 00 72 00 74 00 61 00 69 00 6E 00 6D 00 65 00 6E 00 74 00 00 00 18 00 0E 00 00 00 00 00 EF BE 01 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 8A 00 00 00 03 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 31 00 00 00 00 00 BC 32 D4 8C 11 00 53 59 53 54 45 4D 7E 31 00 00 44 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 2E 00 53 00 79 00 73 00 74 00 65 00 6D 00 20 00 54 00 6F 00 6F 00 6C 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 38 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 96 00 00 00 04 00 00 00 88 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 76 00 32 00 06 03 00 00 BC 32 28 8D 20 00 41 44 44 52 45 53 7E 31 2E 4C 4E 4B 00 00 4C 00 03 00 04 00 EF BE BC 32 28 8D BC 32 28 8D 14 00 36 00 41 00 64 00 64 00 72 00 65 00 73 00 73 00 20 00 42 00 6F 00 6F 00 6B 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 31 37 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 92 00 00 00 05 00 00 00 84 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 72 00 32 00 DA 05 00 00 BC 32 28 8B 20 00 43 41 4C 43 55 4C 7E 31 2E 4C 4E 4B 00 00 48 00 03 00 04 00 EF BE BC 32 28 8B BC 32 28 8B 14 00 32 00 43 00 61 00 6C 00 63 00 75 00 6C 00 61 00 74 00 6F 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 31 39 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 9A 00 00 00 06 00 00 00 8C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7A 00 32 00 13 06 00 00 BC 32 F6 8B 20 00 43 4F 4D 4D 41 4E 7E 31 2E 4C 4E 4B 00 00 50 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3A 00 43 00 6F 00 6D 00 6D 00 61 00 6E 00 64 00 20 00 50 00 72 00 6F 00 6D 00 70 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 32 32 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 8A 00 00 00 07 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 4E 6F 74 65 70 61 64 2E 6C 6E 6B 00 42 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 2C 00 4E 00 6F 00 74 00 65 00 70 00 61 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 35 31 00 1A 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1A 00 00 00 00 00 00 00 00 00 84 00 00 00 08 00 00 00 76 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 64 00 32 00 EB 05 00 00 BC 32 28 8B 20 00 50 61 69 6E 74 2E 6C 6E 6B 00 3E 00 03 00 04 00 EF BE BC 32 28 8B BC 32 28 8B 14 00 28 00 50 00 61 00 69 00 6E 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 35 34 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 CA 00 00 00 09 00 00 00 BC 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 AA 00 32 00 82 01 00 00 BC 32 F6 8B 20 00 50 52 4F 47 52 41 7E 31 2E 4C 4E 4B 00 00 80 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 56 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 43 00 6F 00 6D 00 70 00 61 00 74 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 20 00 57 00 69 00 7A 00 61 00 72 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 63 6F 6D 70 61 74 55 49 2E 64 6C 6C 2C 2D 31 31 35 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 94 00 00 00 0A 00 00 00 86 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 74 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 53 59 4E 43 48 52 7E 31 2E 4C 4E 4B 00 00 4A 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 34 00 53 00 79 00 6E 00 63 00 68 00 72 00 6F 00 6E 00 69 00 7A 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 32 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 AE 00 00 00 0B 00 00 00 A0 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 8E 00 32 00 F7 05 00 00 BC 32 F6 8B 20 00 54 4F 55 52 57 49 7E 31 2E 4C 4E 4B 00 00 64 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3C 00 54 00 6F 00 75 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 58 00 50 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 74 6F 75 72 73 74 61 72 74 2E 65 78 65 2C 2D 31 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 9E 00 00 00 0C 00 00 00 90 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7E 00 32 00 CF 05 00 00 BC 32 8A 8B 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 37 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 8A 00 00 00 0D 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 32 00 6F 03 00 00 BC 32 28 8B 20 00 57 6F 72 64 50 61 64 2E 6C 6E 6B 00 42 00 03 00 04 00 EF BE BC 32 28 8B BC 32 28 8B 14 00 2C 00 57 00 6F 00 72 00 64 00 50 00 61 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 39 00 1A 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1A 00 00 00 00 00 00 00 00 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer: 0x00000004

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server: 0x00000008

----------------------------------

Values modified:196

----------------------------------

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 7E 73 3B C9 0F 69 CB A8 71 4F 30 BD 93 6E F2 A8 03 F8 05 25 B1 2C B1 6B 24 B4 A5 C6 10 FE DF 77 9A 56 14 0B CA 77 F6 FE 23 D9 F3 53 C0 26 78 E4 5F 03 D7 97 B5 8A 39 09 C3 A8 5D AE CF B8 5A A9 95 F4 7C 83 B8 1B E0 43 D9 21 42 BC BB F0 E5 96

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 0D 05 DA 0A D3 8A 39 3E 83 09 89 32 3F 31 94 1E 8A F5 59 A9 32 95 4E 38 40 F4 24 D6 6B 4B 53 B1 09 3D 42 C2 E9 80 7B 5C E8 A6 99 6D A9 E9 4F A7 6F 3D DD A4 4D 69 88 34 3F B0 88 53 8A D8 C5 BD 12 EE F8 13 13 7E 4B E6 4D 73 54 64 FE F4 40 42

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell: 0x00000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout: "5000"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout: "1000"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemStartOptions: "NOEXECUTE=OPTIN FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemStartOptions: "FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\AutoReboot: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\AutoReboot: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\CrashDumpEnabled: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\CrashDumpEnabled: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\LogEvent: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\LogEvent: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\SendAlert: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\SendAlert: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation: 0x00000026

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\type: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\type: 0x00000056

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Update\UpdateMode: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Update\UpdateMode: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Alerter\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Alerter\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CiSvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CiSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ClipSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ClipSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ImapiService\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ImapiService\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nla\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nla\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtmsSvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtmsSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDSessMgr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDSessMgr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SwPrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SwPrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wmi\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wmi\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout: "5000"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout: "1000"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemStartOptions: "NOEXECUTE=OPTIN FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemStartOptions: "FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl\Win32PrioritySeparation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl\Win32PrioritySeparation: 0x00000026

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\type: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\type: 0x00000056

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update\UpdateMode: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update\UpdateMode: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC\Start: 0x00000004

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\AutoEndTasks: "0"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\AutoEndTasks: "1"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\DragFullWindows: "1"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\DragFullWindows: "0"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothing: "2"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothing: "0"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothingType: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothingType: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\HungAppTimeout: "5000"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\HungAppTimeout: "1000"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\MenuShowDelay: "400"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\MenuShowDelay: "155"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\UserPreferencesMask: 1E 2C 04 80

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\UserPreferencesMask: 00 00 00 80

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\SmoothScroll: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\SmoothScroll: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\Shell Icon BPP: "16"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\Shell Icon BPP: "8"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\MinAnimate: "1"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\MinAnimate: "0"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Friendly http errors: "Yes"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Friendly http errors: "no"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Print_Background: "Yes"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Print_Background: "no"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\SmoothScroll: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\SmoothScroll: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailSize: 0x00000060

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailSize: 0x00000030

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailQuality: 0x0000005A

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailQuality: 0x00000050

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "fedcbajihg"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "dfecbajihg"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\hiv\MRUList: "cba"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\hiv\MRUList: "acb"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Intelli HyperSpeed 2005\Order: 08 00 00 00 02 00 00 00 E0 01 00 00 01 00 00 00 03 00 00 00 A0 00 00 00 00 00 00 00 92 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 80 00 32 00 08 07 00 00 BC 32 59 8D 20 00 49 4E 54 45 4C 4C 7E 31 2E 4C 4E 4B 00 00 56 00 03 00 04 00 EF BE BC 32 59 8D BC 32 59 8D 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 6C 00 69 00 20 00 48 00 79 00 70 00 65 00 72 00 53 00 70 00 65 00 65 00 64 00 20 00 32 00 30 00 30 00 35 00 2E 00 65 00 78 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 88 00 00 00 01 00 00 00 7A 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 68 00 32 00 B4 06 00 00 BC 32 59 8D 20 00 49 4E 54 45 4C 4C 7E 32 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE BC 32 59 8D BC 32 59 8D 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 6C 00 69 00 48 00 65 00 6C 00 70 00 2E 00 63 00 68 00 6D 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 AC 00 00 00 02 00 00 00 9E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 8C 00 32 00 02 07 00 00 BC 32 59 8D 20 00 55 4E 49 4E 53 54 7E 31 2E 4C 4E 4B 00 00 62 00 03 00 04 00 EF BE BC 32 59 8D BC 32 59 8D 14 00 00 00 55 00 6E 00 69 00 6E 00 73 00 74 00 61 00 6C 00 6C 00 20 00 49 00 6E 00 74 00 65 00 6C 00 6C 00 69 00 20 00 48 00 79 00 70 00 65 00 72 00 53 00 70 00 65 00 65 00 64 00 20 00 32 00 30 00 30 00 35 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Intelli HyperSpeed 2005\Order: 08 00 00 00 02 00 00 00 E0 01 00 00 01 00 00 00 03 00 00 00 A0 00 00 00 00 00 00 00 92 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 80 00 32 00 08 07 00 00 BC 32 59 8D 20 00 49 4E 54 45 4C 4C 7E 31 2E 4C 4E 4B 00 00 56 00 03 00 04 00 EF BE BC 32 59 8D BC 32 96 BA 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 6C 00 69 00 20 00 48 00 79 00 70 00 65 00 72 00 53 00 70 00 65 00 65 00 64 00 20 00 32 00 30 00 30 00 35 00 2E 00 65 00 78 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 88 00 00 00 01 00 00 00 7A 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 68 00 32 00 B4 06 00 00 BC 32 59 8D 20 00 49 4E 54 45 4C 4C 7E 32 2E 4C 4E 4B 00 00 3E 00 03 00 04 00 EF BE BC 32 59 8D BC 32 96 BA 14 00 00 00 49 00 6E 00 74 00 65 00 6C 00 6C 00 69 00 48 00 65 00 6C 00 70 00 2E 00 63 00 68 00 6D 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 AC 00 00 00 02 00 00 00 9E 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 8C 00 32 00 02 07 00 00 BC 32 59 8D 20 00 55 4E 49 4E 53 54 7E 31 2E 4C 4E 4B 00 00 62 00 03 00 04 00 EF BE BC 32 59 8D BC 32 96 BA 14 00 00 00 55 00 6E 00 69 00 6E 00 73 00 74 00 61 00 6C 00 6C 00 20 00 49 00 6E 00 74 00 65 00 6C 00 6C 00 69 00 20 00 48 00 79 00 70 00 65 00 72 00 53 00 70 00 65 00 65 00 64 00 20 00 32 00 30 00 30 00 35 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\ProgramsCache: 09 00 00 00 0B 00 56 00 00 00 54 00 31 00 00 00 00 00 BC 32 27 8D 11 00 50 72 6F 67 72 61 6D 73 00 00 3C 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 27 8D 14 00 26 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 32 00 18 00 00 00 01 EA 00 00 00 E8 00 32 00 FF 02 00 00 BC 32 2E 8D 20 00 49 4E 54 45 52 4E 7E 31 2E 4C 4E 4B 00 00 58 00 03 00 04 00 EF BE BC 32 23 8D BC 32 2E 8D 14 00 40 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 78 70 73 70 31 72 65 73 2E 64 6C 6C 2C 2D 31 31 30 30 31 00 00 1C 00 74 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 49 00 6E 00 74 00 65 00 72 00 6E 00 65 00 74 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 5C 00 49 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 2E 00 45 00 58 00 45 00 00 00 00 00 1C 00 00 00 01 DC 00 00 00 DA 00 32 00 E2 02 00 00 BC 32 2E 8D 20 00 4F 55 54 4C 4F 4F 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE BC 32 26 8D BC 32 2E 8D 14 00 3C 00 4F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 20 00 45 00 78 00 70 00 72 00 65 00 73 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 40 78 70 73 70 31 72 65 73 2E 64 6C 6C 2C 2D 31 31 30 30 34 00 00 1C 00 6A 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 4F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 20 00 45 00 78 00 70 00 72 00 65 00 73 00 73 00 5C 00 6D 00 73 00 69 00 6D 00 6E 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 E0 00 00 00 DE 00 32 00 3F 06 00 00 BC 32 F7 8B 20 00 52 45 4D 4F 54 45 7E 31 2E 4C 4E 4B 00 00 6A 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 40 00 52 00 65 00 6D 00 6F 00 74 00 65 00 20 00 41 00 73 00 73 00 69 00 73 00 74 00 61 00 6E 00 63 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 72 63 62 64 79 63 74 6C 2E 64 6C 6C 2C 2D 31 35 32 00 00 1C 00 58 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 25 00 53 00 59 00 53 00 54 00 45 00 4D 00 52 00 4F 00 4F 00 54 00 25 00 5C 00 73 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 72 00 63 00 69 00 6D 00 6C 00 62 00 79 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 E0 00 00 00 DE 00 32 00 18 03 00 00 BC 32 27 8D 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 48 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 27 8D 14 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 65 00 64 00 69 00 61 00 20 00 50 00 6C 00 61 00 79 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 1C 00 7A 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 4D 00 65 00 64 00 69 00 61 00 20 00 50 00 6C 00 61 00 79 00 65 00 72 00 5C 00 77 00 6D 00 70 00 6C 00 61 00 79 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 00 B0 00 00 00 54 00 31 00 00 00 00 00 BC 32 27 8D 11 00 50 72 6F 67 72 61 6D 73 00 00 3C 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 27 8D 14 00 26 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 32 00 18 00 5A 00 31 00 00 00 00 00 BC 32 28 8D 11 00 41 43 43 45 53 53 7E 31 00 00 42 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 28 8D 14 00 2C 00 41 00 63 00 63 00 65 00 73 00 73 00 6F 00 72 00 69 00 65 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 31 00 18 00 00 00 01 D0 00 00 00 CE 00 32 00 06 03 00 00 BC 32 28 8D 20 00 41 44 44 52 45 53 7E 31 2E 4C 4E 4B 00 00 4C 00 03 00 04 00 EF BE BC 32 28 8D BC 32 28 8D 14 00 36 00 41 00 64 00 64 00 72 00 65 00 73 00 73 00 20 00 42 00 6F 00 6F 00 6B 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 31 37 00 1C 00 66 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 43 00 3A 00 5C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 46 00 69 00 6C 00 65 00 73 00 5C 00 4F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 20 00 45 00 78 00 70 00 72 00 65 00 73 00 73 00 5C 00 77 00 61 00 62 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 BE 00 00 00 BC 00 32 00 13 06 00 00 BC 32 F6 8B 20 00 43 4F 4D 4D 41 4E 7E 31 2E 4C 4E 4B 00 00 50 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3A 00 43 00 6F 00 6D 00 6D 00 61 00 6E 00 64 00 20 00 50 00 72 00 6F 00 6D 00 70 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 32 32 00 1C 00 50 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 6F 00 6F 00 74 00 25 00 5C 00 73 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 B6 00 00 00 B4 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 4E 6F 74 65 70 61 64 2E 6C 6E 6B 00 42 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 2C 00 4E 00 6F 00 74 00 65 00 70 00 61 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 35 31 00 1A 00 58 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 6F 00 6F 00 74 00 25 00 5C 00 73 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 6E 00 6F 00 74 00 65 00 70 00 61 00 64 00 2E 00 65 00 78 00 65 00 00 00 00 00 1A 00 00 00 01 B4 00 00 00 B2 00 32 00 82 01 00 00 BC 32 F6 8B 20 00 50 52 4F 47 52 41 7E 31 2E 4C 4E 4B 00 00 80 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 56 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 43 00 6F 00 6D 00 70 00 61 00 74 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 20 00 57 00 69 00 7A 00 61 00 72 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 63 6F 6D 70 61 74 55 49 2E 64 6C 6C 2C 2D 31 31 35 00 00 1C 00 16 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 00 00 00 00 1C 00 00 00 01 C0 00 00 00 BE 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 53 59 4E 43 48 52 7E 31 2E 4C 4E 4B 00 00 4A 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 34 00 53 00 79 00 6E 00 63 00 68 00 72 00 6F 00 6E 00 69 00 7A 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 32 00 1C 00 58 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 6F 00 6F 00 74 00 25 00 5C 00 73 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 6D 00 6F 00 62 00 73 00 79 00 6E 00 63 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 DE 00 00 00 DC 00 32 00 F7 05 00 00 BC 32 F6 8B 20 00 54 4F 55 52 57 49 7E 31 2E 4C 4E 4B 00 00 64 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3C 00 54 00 6F 00 75 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 58 00 50 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 74 6F 75 72 73 74 61 72 74 2E 65 78 65 2C 2D 31 00 1C 00 5C 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 6F 00 6F 00 74 00 25 00 5C 00 73 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 74 00 6F 00 75 00 72 00 73 00 74 00 61 00 72 00 74 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 01 BA 00 00 00 B8 00 32 00 CF 05 00 00 BC 32 8A 8B 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 37 00 1C 00 48 00 00 00 0B 00 EF BE 00 00 00 00 00 00 00 00 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 6F 00 6F 00 74 00 25 00 5C 00 65 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 65 00 78 00 65 00 00 00 00 00 1C 00 00 00 00 0E 01 00 00 54 00 31 00 00 00 00 00 BC 32 27 8D 11 00 50 72 6F 67 72 61 6D 73 00 00 3C 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 27 8D 14 00 26 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 32 00 18 00 5A 00 31 00 00 00 00 00 BC 32 28 8D 11 00 41 43 43 45 53 53 7E 31 00 00 42 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 28 8D 14 00 2C 00 41 00 63 00 63 00 65 00 73 00 73 00 6F 00 72 00 69 00 65 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 31 00 18 00 5E 00 31 00 00 00 00 00 BC 32 F6 8B 11 00 41 43 43 45 53 53 7E 31 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 30 00 41 00 63 00 63 00 65 00 73 00 73 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 30 00 18 00 00 00 01 BC 00 00 00 BA 00 32 00 F5 05 00 00 BC 32 F6 8B 20 00 4D 41 47 4E 49 46 7E 31 2E 4C 4E 4B 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32

Link to comment
Share on other sites
kurt476

kurt476

Posted
  • Author
Posted

here is the 2nd comparesion this one is called office work:

----------------------------------

Keys deleted:1

----------------------------------

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2

----------------------------------

Keys added:4

----------------------------------

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode\Command

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP\Command

----------------------------------

Values deleted:2

----------------------------------

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\0\CurrentState: 01 00 00 40

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2\Settings: 28 00 00 00 FF FF FF FF 02 00 00 00 03 00 00 00 6B 00 00 00 20 00 00 00 FE FF FF FF E2 02 00 00 02 04 00 00 02 03 00 00

----------------------------------

Values added:19

----------------------------------

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode\Command\: ""%1" %* /prefetch:1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\FastMode\: "Fast &Launch"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP\Command\: "C:\WINDOWS\system32\cmd.exe /c start "XQSHP" /abovenormal "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\XQSHP\: "Run in &HighPriority"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\ContigFileAllocSize: 0x00000200

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\NtfsMftZoneReservation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P3\Parameters\HackFlags: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\ContigFileAllocSize: 0x00000200

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsMftZoneReservation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\P3\Parameters\HackFlags: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\Shell Icon Size: "32"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\0\CurrentState: 0x40000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\j: "D:\regshot161e5\regshot.exe"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\f: "D:\regshot161e5\regshot.exe\1"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer: 0x00000004

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server: 0x00000008

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32\usmt\migwiz.exe,-203: "Migrates files and settings from one computer to another."

----------------------------------

Values modified:136

----------------------------------

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: BB 0A C5 46 7E 7C EC 78 FE 29 47 2D 87 E1 92 02 92 5A BF E4 39 C9 80 B0 6F EB FC 66 AE 9D 72 72 F1 D4 A5 EE 54 D1 76 9D 37 29 8F 59 4A 12 1F 72 1F 34 04 B0 A0 55 65 16 8C EB C5 CF 02 8B 88 F2 7A D7 CE CE 6F 59 9F 8F 46 37 37 10 66 63 F4 9A

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A4 C9 4D 1A 5D 5C 06 BC 38 93 4B 02 26 A3 0C DF 3D 3D B2 98 FA 15 07 18 1E 6D 38 47 24 AD AD 56 A3 62 E0 8D 0B BB FF 69 E0 E1 79 D6 C4 99 63 40 AF 85 92 3F 91 EF 12 29 01 4F D3 86 9C 03 F7 01 C3 A2 9A 81 93 C1 65 00 7C D1 41 1E 88 3C 92 CD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Max Cached Icons: 0x00000500

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Max Cached Icons: 0x00002000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell: 0x00000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout: "5000"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout: "1000"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemStartOptions: "NOEXECUTE=OPTIN FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemStartOptions: "FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\AutoReboot: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\AutoReboot: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\CrashDumpEnabled: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\CrashDumpEnabled: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\LogEvent: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\LogEvent: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\SendAlert: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl\SendAlert: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation: 0x00000026

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\type: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\type: 0x0000003D

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Update\UpdateMode: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Update\UpdateMode: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Alerter\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Alerter\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CiSvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CiSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ClipSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ClipSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDSessMgr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDSessMgr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout: "5000"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout: "1000"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemStartOptions: "NOEXECUTE=OPTIN FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemStartOptions: "FASTDETECT"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl\Win32PrioritySeparation: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl\Win32PrioritySeparation: 0x00000026

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\type: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\type: 0x0000003D

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive\AdditionalCriticalWorkerThreads: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update\UpdateMode: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update\UpdateMode: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv\Start: 0x00000003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start: 0x00000004

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC\Start: 0x00000002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC\Start: 0x00000003

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\AutoEndTasks: "0"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\AutoEndTasks: "1"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\DragFullWindows: "1"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\DragFullWindows: "0"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothingType: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothingType: 0x00000002

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\HungAppTimeout: "5000"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\HungAppTimeout: "1000"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\MenuShowDelay: "400"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\MenuShowDelay: "155"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\UserPreferencesMask: 1E 2C 04 80

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\UserPreferencesMask: 00 00 00 80

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\SmoothScroll: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\SmoothScroll: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothingGamma: 0x00000578

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\FontSmoothingGamma: 0x000003E8

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\Shell Icon BPP: "16"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\Shell Icon BPP: "8"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\MinAnimate: "1"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Control Panel\Desktop\WindowMetrics\MinAnimate: "0"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Friendly http errors: "Yes"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Friendly http errors: "no"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Print_Background: "Yes"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\Print_Background: "no"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\SmoothScroll: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Internet Explorer\Main\SmoothScroll: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\DesktopProcess: 0x00000000

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\DesktopProcess: 0x00000001

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailQuality: 0x0000005A

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailQuality: 0x00000050

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a: 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 45 00 58 00 45 00 00 00 44 00 3A 00 5C 00 75 00 6E 00 61 00 74 00 74 00 65 00 6E 00 64 00 65 00 64 00 00 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a: 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 45 00 58 00 45 00 00 00 44 00 3A 00 5C 00 72 00 65 00 67 00 73 00 68 00 6F 00 74 00 31 00 36 00 31 00 65 00 35 00 00 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "hgcfaedb"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "gahcfedb"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "gdfecbajih"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "dehgfcbaji"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\h: "D:\LiteShell 0.9.2 setup.exe"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\h: "D:\regshot161e5\regshot.exe"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\MRUList: "ihgfedcba"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\MRUList: "jihgfedcba"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\hiv\MRUList: "acb"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\hiv\MRUList: "abc"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories\Order: 08 00 00 00 02 00 00 00 10 09 00 00 01 00 00 00 0E 00 00 00 F4 00 00 00 00 00 00 00 E6 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 6C 00 31 00 00 00 00 00 BC 32 F6 8B 11 00 41 43 43 45 53 53 7E 31 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 8C B9 14 00 30 00 41 00 63 00 63 00 65 00 73 00 73 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 30 00 18 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 18 00 00 00 66 00 31 00 00 00 00 00 BC 32 28 8B 11 00 41 43 43 45 53 53 7E 31 00 00 32 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 00 00 41 00 63 00 63 00 65 00 73 00 73 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 00 00 18 00 0E 00 00 00 00 00 EF BE 01 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 8E 00 00 00 01 00 00 00 80 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6E 00 31 00 00 00 00 00 BC 32 F7 8B 11 00 43 4F 4D 4D 55 4E 7E 31 00 00 48 00 03 00 04 00 EF BE BC 32 D0 8A BC 32 8C B9 14 00 32 00 43 00 6F 00 6D 00 6D 00 75 00 6E 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 38 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 F4 00 00 00 02 00 00 00 E6 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 6C 00 31 00 00 00 00 00 BC 32 27 8D 11 00 45 4E 54 45 52 54 7E 31 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 8C B9 14 00 30 00 45 00 6E 00 74 00 65 00 72 00 74 00 61 00 69 00 6E 00 6D 00 65 00 6E 00 74 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 37 32 00 18 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 18 00 00 00 66 00 31 00 00 00 00 00 BC 32 28 8B 11 00 45 4E 54 45 52 54 7E 31 00 00 32 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 00 00 45 00 6E 00 74 00 65 00 72 00 74 00 61 00 69 00 6E 00 6D 00 65 00 6E 00 74 00 00 00 18 00 0E 00 00 00 00 00 EF BE 01 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 8A 00 00 00 03 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 31 00 00 00 00 00 BC 32 D4 8C 11 00 53 59 53 54 45 4D 7E 31 00 00 44 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 2E 00 53 00 79 00 73 00 74 00 65 00 6D 00 20 00 54 00 6F 00 6F 00 6C 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 38 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 96 00 00 00 04 00 00 00 88 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 76 00 32 00 06 03 00 00 BC 32 28 8D 20 00 41 44 44 52 45 53 7E 31 2E 4C 4E 4B 00 00 4C 00 03 00 04 00 EF BE BC 32 28 8D BC 32 28 8D 14 00 36 00 41 00 64 00 64 00 72 00 65 00 73 00 73 00 20 00 42 00 6F 00 6F 00 6B 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 31 37 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 92 00 00 00 05 00 00 00 84 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 72 00 32 00 DA 05 00 00 BC 32 28 8B 20 00 43 41 4C 43 55 4C 7E 31 2E 4C 4E 4B 00 00 48 00 03 00 04 00 EF BE BC 32 28 8B BC 32 28 8B 14 00 32 00 43 00 61 00 6C 00 63 00 75 00 6C 00 61 00 74 00 6F 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 31 39 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 9A 00 00 00 06 00 00 00 8C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7A 00 32 00 13 06 00 00 BC 32 F6 8B 20 00 43 4F 4D 4D 41 4E 7E 31 2E 4C 4E 4B 00 00 50 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3A 00 43 00 6F 00 6D 00 6D 00 61 00 6E 00 64 00 20 00 50 00 72 00 6F 00 6D 00 70 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 32 32 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 8A 00 00 00 07 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 4E 6F 74 65 70 61 64 2E 6C 6E 6B 00 42 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 2C 00 4E 00 6F 00 74 00 65 00 70 00 61 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 35 31 00 1A 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1A 00 00 00 00 00 00 00 00 00 84 00 00 00 08 00 00 00 76 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 64 00 32 00 EB 05 00 00 BC 32 28 8B 20 00 50 61 69 6E 74 2E 6C 6E 6B 00 3E 00 03 00 04 00 EF BE BC 32 28 8B BC 32 28 8B 14 00 28 00 50 00 61 00 69 00 6E 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 35 34 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 CA 00 00 00 09 00 00 00 BC 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 AA 00 32 00 82 01 00 00 BC 32 F6 8B 20 00 50 52 4F 47 52 41 7E 31 2E 4C 4E 4B 00 00 80 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 56 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 43 00 6F 00 6D 00 70 00 61 00 74 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 20 00 57 00 69 00 7A 00 61 00 72 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 63 6F 6D 70 61 74 55 49 2E 64 6C 6C 2C 2D 31 31 35 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 94 00 00 00 0A 00 00 00 86 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 74 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 53 59 4E 43 48 52 7E 31 2E 4C 4E 4B 00 00 4A 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 34 00 53 00 79 00 6E 00 63 00 68 00 72 00 6F 00 6E 00 69 00 7A 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 32 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 AE 00 00 00 0B 00 00 00 A0 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 8E 00 32 00 F7 05 00 00 BC 32 F6 8B 20 00 54 4F 55 52 57 49 7E 31 2E 4C 4E 4B 00 00 64 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3C 00 54 00 6F 00 75 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 58 00 50 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 74 6F 75 72 73 74 61 72 74 2E 65 78 65 2C 2D 31 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 9E 00 00 00 0C 00 00 00 90 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7E 00 32 00 CF 05 00 00 BC 32 8A 8B 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1C 8D 14 00 3E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 37 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 8A 00 00 00 0D 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 32 00 6F 03 00 00 BC 32 28 8B 20 00 57 6F 72 64 50 61 64 2E 6C 6E 6B 00 42 00 03 00 04 00 EF BE BC 32 28 8B BC 32 28 8B 14 00 2C 00 57 00 6F 00 72 00 64 00 50 00 61 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 39 00 1A 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1A 00 00 00 00 00 00 00 00 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories\Order: 08 00 00 00 02 00 00 00 10 09 00 00 01 00 00 00 0E 00 00 00 F4 00 00 00 00 00 00 00 E6 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 6C 00 31 00 00 00 00 00 BC 32 F6 8B 11 00 41 43 43 45 53 53 7E 31 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 8C B9 14 00 30 00 41 00 63 00 63 00 65 00 73 00 73 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 30 00 18 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 18 00 00 00 66 00 31 00 00 00 00 00 BC 32 28 8B 11 00 41 43 43 45 53 53 7E 31 00 00 32 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 00 00 41 00 63 00 63 00 65 00 73 00 73 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 00 00 18 00 0E 00 00 00 00 00 EF BE 01 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 8E 00 00 00 01 00 00 00 80 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6E 00 31 00 00 00 00 00 BC 32 F7 8B 11 00 43 4F 4D 4D 55 4E 7E 31 00 00 48 00 03 00 04 00 EF BE BC 32 D0 8A BC 32 8C B9 14 00 32 00 43 00 6F 00 6D 00 6D 00 75 00 6E 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 36 38 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 F4 00 00 00 02 00 00 00 E6 00 00 00 41 75 67 4D 02 00 00 00 02 00 00 00 6C 00 31 00 00 00 00 00 BC 32 27 8D 11 00 45 4E 54 45 52 54 7E 31 00 00 46 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 8C B9 14 00 30 00 45 00 6E 00 74 00 65 00 72 00 74 00 61 00 69 00 6E 00 6D 00 65 00 6E 00 74 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 37 32 00 18 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 18 00 00 00 66 00 31 00 00 00 00 00 BC 32 28 8B 11 00 45 4E 54 45 52 54 7E 31 00 00 32 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 00 00 45 00 6E 00 74 00 65 00 72 00 74 00 61 00 69 00 6E 00 6D 00 65 00 6E 00 74 00 00 00 18 00 0E 00 00 00 00 00 EF BE 01 00 00 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 8A 00 00 00 03 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 31 00 00 00 00 00 BC 32 D4 8C 11 00 53 59 53 54 45 4D 7E 31 00 00 44 00 03 00 04 00 EF BE BC 32 28 8B BC 32 8C B9 14 00 2E 00 53 00 79 00 73 00 74 00 65 00 6D 00 20 00 54 00 6F 00 6F 00 6C 00 73 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 31 37 38 38 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 96 00 00 00 04 00 00 00 88 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 76 00 32 00 06 03 00 00 BC 32 28 8D 20 00 41 44 44 52 45 53 7E 31 2E 4C 4E 4B 00 00 4C 00 03 00 04 00 EF BE BC 32 28 8D BC 32 1B BB 14 00 36 00 41 00 64 00 64 00 72 00 65 00 73 00 73 00 20 00 42 00 6F 00 6F 00 6B 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 31 37 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 92 00 00 00 05 00 00 00 84 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 72 00 32 00 DA 05 00 00 BC 32 28 8B 20 00 43 41 4C 43 55 4C 7E 31 2E 4C 4E 4B 00 00 48 00 03 00 04 00 EF BE BC 32 28 8B BC 32 1B BB 14 00 32 00 43 00 61 00 6C 00 63 00 75 00 6C 00 61 00 74 00 6F 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 31 39 00 1C 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1C 00 00 00 00 00 00 00 00 00 9A 00 00 00 06 00 00 00 8C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7A 00 32 00 13 06 00 00 BC 32 F6 8B 20 00 43 4F 4D 4D 41 4E 7E 31 2E 4C 4E 4B 00 00 50 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1B BB 14 00 3A 00 43 00 6F 00 6D 00 6D 00 61 00 6E 00 64 00 20 00 50 00 72 00 6F 00 6D 00 70 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 32 32 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 8A 00 00 00 07 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 4E 6F 74 65 70 61 64 2E 6C 6E 6B 00 42 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1B BB 14 00 2C 00 4E 00 6F 00 74 00 65 00 70 00 61 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 35 31 00 1A 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1A 00 00 00 00 00 00 00 00 00 84 00 00 00 08 00 00 00 76 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 64 00 32 00 EB 05 00 00 BC 32 28 8B 20 00 50 61 69 6E 74 2E 6C 6E 6B 00 3E 00 03 00 04 00 EF BE BC 32 28 8B BC 32 1B BB 14 00 28 00 50 00 61 00 69 00 6E 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 35 34 00 18 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 18 00 00 00 00 00 00 00 00 00 CA 00 00 00 09 00 00 00 BC 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 AA 00 32 00 82 01 00 00 BC 32 F6 8B 20 00 50 52 4F 47 52 41 7E 31 2E 4C 4E 4B 00 00 80 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1B BB 14 00 56 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 43 00 6F 00 6D 00 70 00 61 00 74 00 69 00 62 00 69 00 6C 00 69 00 74 00 79 00 20 00 57 00 69 00 7A 00 61 00 72 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 63 6F 6D 70 61 74 55 49 2E 64 6C 6C 2C 2D 31 31 35 00 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 94 00 00 00 0A 00 00 00 86 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 74 00 32 00 EF 05 00 00 BC 32 F6 8B 20 00 53 59 4E 43 48 52 7E 31 2E 4C 4E 4B 00 00 4A 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1B BB 14 00 34 00 53 00 79 00 6E 00 63 00 68 00 72 00 6F 00 6E 00 69 00 7A 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 32 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 AE 00 00 00 0B 00 00 00 A0 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 8E 00 32 00 F7 05 00 00 BC 32 F6 8B 20 00 54 4F 55 52 57 49 7E 31 2E 4C 4E 4B 00 00 64 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1B BB 14 00 3C 00 54 00 6F 00 75 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 58 00 50 00 2E 00 6C 00 6E 00 6B 00 00 00 40 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 74 6F 75 72 73 74 61 72 74 2E 65 78 65 2C 2D 31 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 9E 00 00 00 0C 00 00 00 90 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 7E 00 32 00 CF 05 00 00 BC 32 8A 8B 20 00 57 49 4E 44 4F 57 7E 31 2E 4C 4E 4B 00 00 54 00 03 00 04 00 EF BE BC 32 1C 8D BC 32 1B BB 14 00 3E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 37 00 1C 00 0E 00 00 00 0A 00 EF BE 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 8A 00 00 00 0D 00 00 00 7C 00 00 00 41 75 67 4D 02 00 00 00 01 00 00 00 6A 00 32 00 6F 03 00 00 BC 32 28 8B 20 00 57 6F 72 64 50 61 64 2E 6C 6E 6B 00 42 00 03 00 04 00 EF BE BC 32 28 8B BC 32 1B BB 14 00 2C 00 57 00 6F 00 72 00 64 00 50 00 61 00 64 00 2E 00 6C 00 6E 00 6B 00 00 00 40 73 68 65 6C 6C 33 32 2E 64 6C 6C 2C 2D 32 32 30 36 39 00 1A 00 0E 00 00 00 0A 00 EF BE 01 00 00 00 1A 00 00 00 00 00 00 00 00 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList: "edbca"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList: "fedbca"

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time: 50 9F 60 25 E0 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Balloon_Time: C0 A1 F4 FB E0 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 2D 00 00 00 B0 7E 76 8B E0 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 2F 00 00 00 60 A7 77 24 E1 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Vagryyv UlcreFcrrq 2005\Vagryyv UlcreFcrrq 2005.rkr: 01 00 00 00 10 00 00 00 00 07 86 75 DC 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Vagryyv UlcreFcrrq 2005\Vagryyv UlcreFcrrq 2005.rkr: 01 00 00 00 11 00 00 00 20 C0 1C 01 E1 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY: 01 00 00 00 29 00 00 00 C0 D0 F7 74 DC 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY: 01 00 00 00 2B 00 00 00 30 BE 91 00 E1 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Vagryyv UlcreFcrrq 2005\Vagryyv UlcreFcrrq 2005.rkr.yax: 01 00 00 00 0F 00 00 00 20 4A F6 74 DC 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Vagryyv UlcreFcrrq 2005\Vagryyv UlcreFcrrq 2005.rkr.yax: 01 00 00 00 10 00 00 00 B0 A3 8B 00 E1 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Vagryyv UlcreFcrrq 2005: 01 00 00 00 0F 00 00 00 C0 D0 F7 74 DC 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Vagryyv UlcreFcrrq 2005: 01 00 00 00 10 00 00 00 30 BE 91 00 E1 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Q:\ertfubg161r5\ertfubg.rkr: 01 00 00 00 09 00 00 00 B0 7E 76 8B E0 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Q:\ertfubg161r5\ertfubg.rkr: 01 00 00 00 0A 00 00 00 60 A7 77 24 E1 63 C5 01

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267F6A-A6F9-11D0-BC94-00C04FB67863}\iexplore\Count: 0x00000024

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267F6A-A6F9-11D0-BC94-00C04FB67863}\iexplore\Count: 0x00000026

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267F6A-A6F9-11D0-BC94-00C04FB67863}\iexplore\Time: D5 07 05 00 06 00 1C 00 17 00 34 00 38 00 6D 03

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267F6A-A6F9-11D0-BC94-00C04FB67863}\iexplore\Time: D5 07 05 00 06 00 1C 00 17 00 39 00 2F 00 17 02

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Count: 0x00000016

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Count: 0x00000017

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Time: D5 07 05 00 06 00 1C 00 17 00 34 00 37 00 4E 03

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Time: D5 07 05 00 06 00 1C 00 17 00 39 00 2F 00 86 02

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Count: 0x0000004B

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Count: 0x0000004C

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Time: D5 07 05 00 06 00 1C 00 17 00 34 00 39 00 0B 03

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\Time: D5 07 05 00 06 00 1C 00 17 00 39 00 31 00 76 00

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 00 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 02 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\MRUListEx: 12 00 00 00 11 00 00 00 10 00 00 00 0F 00 00 00 0E 00 00 00 0D 00 00 00 00 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 04 00 00 00 05 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 FF FF FF FF

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\0\MRUListEx: 12 00 00 00 00 00 00 00 11 00 00 00 10 00 00 00 0F 00 00 00 0E 00 00 00 0D 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 04 00 00 00 05 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 FF FF FF FF

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\SessionInformation\ProgramCount: 0x00000002

HKEY_USERS\S-1-5-21-1935655697-706699826-1708537768-500\SessionInformation\ProgramCount: 0x00000001

----------------------------------

Total changes:162

----------------------------------

i need to know the changes of witch i should put in too my os for this one when i make the unattended cd.

Link to comment
Share on other sites
kurt476

kurt476

Posted
  • Author
Posted
did this help your speed at all?

Yes Intelli Hyperspeed did help, i am going to buy this. i am going to extrack the tweaks from the program, make a simple dos program to change tweaks for speed.

Link to comment
Share on other sites
  • 3 weeks later...
Takeshi

Takeshi

Posted
Posted

It

disables many system servcies

tweaks the WaitToKillServiceTimeout

tweaks the NTFS time stamp etc.

resorts your Start menu order

all of these can be found here and elsewhere...

PS. Putting the long list in code box tag would be better.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...