- Oct 13, 2014
- 462
- 0
- 4,860
Hello.
I want to know what does TweakNT actually do to the registry in the "remove timebomb" operation, so I use regshot to capture the changes as following:
So can anyone explain what does it actually do, and can I do it manually without using the TweakNT?
Thanks.
I want to know what does TweakNT actually do to the registry in the "remove timebomb" operation, so I use regshot to capture the changes as following:
----------------------------------
Keys added: 57
----------------------------------
HKLM\SYSTEM\WPA\MediaCenter
HKLM\SYSTEM\WPA\TabletPC
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\7
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\8
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell
----------------------------------
Values added: 101
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapFileSignature: 80 1B A8 73 02 E1 62 1B 77 52 ED E6 03 C6 6E 17
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapFileTime: 93 87 DA DD 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapFileSize: 0x00027800
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapFileSignature: AB FB 67 3B 24 A9 B3 28 77 61 D4 97 52 9F B5 B9
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapFileTime: 75 D9 8B DD 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapFileSize: 0x00006800
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapFileSignature: 91 3A F8 8B 02 91 D7 D3 A0 FD C9 2F 5E 1C C7 D7
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapFileTime: 63 B0 26 F1 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapFileSize: 0x00004600
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapFileSignature: AC DA FC D1 4E C0 EC E8 91 98 50 37 46 A5 C1 47
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapFileTime: 8D 5C 7E D4 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapFileSize: 0x00006200
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapFileSignature: 17 93 CC 66 06 05 F6 3B 14 FB 96 C7 70 7F 75 BA
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapFileTime: EB BE 80 D4 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapFileSize: 0x00008800
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapFileSignature: B4 45 9D 13 47 3D 07 FC B4 33 65 C0 27 32 DE 16
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapFileTime: EB 6F 75 F9 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapFileSize: 0x00002A00
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapFileSignature: DB E2 B6 23 53 66 0E CC A0 D7 5E A3 07 A7 17 E9
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapFileTime: A7 EB 21 F1 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapFileSize: 0x00009C00
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\WPA\MediaCenter\Installed: 0x00000000
HKLM\SYSTEM\WPA\TabletPC\Installed: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapFileSignature: 80 1B A8 73 02 E1 62 1B 77 52 ED E6 03 C6 6E 17
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapFileTime: 93 87 DA DD 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapFileSize: 0x00027800
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapFileSignature: AB FB 67 3B 24 A9 B3 28 77 61 D4 97 52 9F B5 B9
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapFileTime: 75 D9 8B DD 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapFileSize: 0x00006800
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapFileSignature: 91 3A F8 8B 02 91 D7 D3 A0 FD C9 2F 5E 1C C7 D7
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapFileTime: 63 B0 26 F1 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapFileSize: 0x00004600
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapFileSignature: AC DA FC D1 4E C0 EC E8 91 98 50 37 46 A5 C1 47
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapFileTime: 8D 5C 7E D4 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapFileSize: 0x00006200
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapFileSignature: 17 93 CC 66 06 05 F6 3B 14 FB 96 C7 70 7F 75 BA
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapFileTime: EB BE 80 D4 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapFileSize: 0x00008800
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapFileSignature: B4 45 9D 13 47 3D 07 FC B4 33 65 C0 27 32 DE 16
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapFileTime: EB 6F 75 F9 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapFileSize: 0x00002A00
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapFileSignature: DB E2 B6 23 53 66 0E CC A0 D7 5E A3 07 A7 17 E9
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapFileTime: A7 EB 21 F1 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapFileSize: 0x00009C00
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapStatus: 0x00000000
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a: 52 00 65 00 67 00 46 00 72 00 6F 00 6D 00 41 00 70 00 70 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\a: "C:\Documents and Settings\Administrator\Desktop\001.reg"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg\a: "C:\Documents and Settings\Administrator\Desktop\001.reg"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids\AVIFile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids\Paint.Picture: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids\CSSfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids\Paint.Picture: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids\emffile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids\giffile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids\htmlfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids\htmlfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids\icofile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids\pjpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids\jpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids\jpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids\jpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids\pngfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids\TIFImage.Document: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids\TIFImage.Document: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids\txtfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids\wmffile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\CompressedFolder: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3: 14 00 1F 48 BA 8F 0D 45 25 AD D0 11 98 A8 08 00 36 1B 11 03 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0: 5C 00 31 00 00 00 00 00 7C 49 7A 46 10 00 44 4F 43 55 4D 45 7E 31 00 00 44 00 03 00 04 00 EF BE 75 39 94 33 7C 49 02 4F 14 00 00 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0: 4A 00 31 00 00 00 00 00 7C 49 7A 46 10 00 41 44 4D 49 4E 49 7E 31 00 00 32 00 03 00 04 00 EF BE 7C 49 7A 46 7C 49 08 4F 14 00 00 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0: 3C 00 31 00 00 00 00 00 7C 49 22 4F 10 00 44 65 73 6B 74 6F 70 00 26 00 03 00 04 00 EF BE 7C 49 7A 46 7C 49 22 4F 14 00 00 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00 16 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0: 44 00 31 00 00 00 00 00 7C 49 29 50 10 00 52 45 47 46 52 4F 7E 31 00 00 2C 00 03 00 04 00 EF BE 7C 49 22 4F 7C 49 44 50 14 00 00 00 72 00 65 00 67 00 66 00 72 00 6F 00 6D 00 61 00 70 00 70 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\NodeSlot: 0x00000009
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0\NodeSlot: 0x00000008
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\NodeSlot: 0x00000007
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell\FolderType: "MyDocuments"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\FolderType: "Documents"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\FolderType: "Documents"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21779: "My Pictures"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21790: "My Music"
----------------------------------
Values modified: 15
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: B3 DB AA 5E A0 41 F7 23 62 F1 79 14 49 5E 6D 74 2F B4 9D F9 59 AE 0E 4A EA 7C EA B4 54 DA F2 E4 7D 1E 42 B2 EC FF 27 24 3C 0B E1 67 AA A8 7C AB 84 C7 89 AB FC E2 9E 36 B0 DC 9D 38 CA F3 E9 53 54 11 92 98 62 7E 18 04 20 C3 2F 58 05 77 F4 CF
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A8 11 D4 71 6A 59 54 13 A2 7F 75 70 64 14 B5 26 FB AA E4 22 62 EB C3 DA 64 38 99 7F 39 CD 80 DE 26 A5 F2 18 96 00 92 D9 4A 59 87 A4 6E F5 75 AB 06 47 97 8A D3 1F DA 72 3D CC D3 24 AB C5 D3 CB 3A 55 90 76 E8 3A 48 14 A3 E3 DA DD F2 BB B1 56
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileSignature: ED 7A 5F 76 40 F1 F2 26 E1 E4 FD 6D 47 34 F4 B3
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileSignature: B0 B0 D7 90 5A C7 1B C2 78 F1 7F 45 5E 18 26 11
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileTime: 2B BB 94 70 50 E5 C0 01
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileTime: 1D 6E 97 D8 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileTime: 15 C5 AC D0 B1 F9 C0 01
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileTime: 17 B0 F4 F8 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSize: 0x0001FC00
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSize: 0x00023C00
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSignature: 83 E0 65 DB 6B 07 E4 BC B2 B1 38 98 83 6C 2A 27
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSignature: BD 83 AB A6 1E 8A CC C8 D9 FF B8 69 F2 94 18 CE
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileSignature: ED 7A 5F 76 40 F1 F2 26 E1 E4 FD 6D 47 34 F4 B3
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileSignature: B0 B0 D7 90 5A C7 1B C2 78 F1 7F 45 5E 18 26 11
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileTime: 2B BB 94 70 50 E5 C0 01
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileTime: 1D 6E 97 D8 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileTime: 15 C5 AC D0 B1 F9 C0 01
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileTime: 17 B0 F4 F8 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSize: 0x0001FC00
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSize: 0x00023C00
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSignature: 83 E0 65 DB 6B 07 E4 BC B2 B1 38 98 83 6C 2A 27
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSignature: BD 83 AB A6 1E 8A CC C8 D9 FF B8 69 F2 94 18 CE
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} {000214E8-0000-0000-C000-000000000046} 0x401: 00 00 00 00 32 00 30 00 12 C9 DE 5E 5E 49 D2 01
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} {000214E8-0000-0000-C000-000000000046} 0x401: 00 00 00 00 32 00 30 00 B2 6C 54 90 5E 49 D2 01
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 01 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 00 00 00 00 03 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: 00 00 00 00 FF FF FF FF
----------------------------------
Total changes: 173
----------------------------------
Keys added: 57
----------------------------------
HKLM\SYSTEM\WPA\MediaCenter
HKLM\SYSTEM\WPA\TabletPC
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\7
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\8
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell
----------------------------------
Values added: 101
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapFileSignature: 80 1B A8 73 02 E1 62 1B 77 52 ED E6 03 C6 6E 17
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapFileTime: 93 87 DA DD 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapFileSize: 0x00027800
HKLM\SYSTEM\ControlSet001\Services\MSDTC\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapFileSignature: AB FB 67 3B 24 A9 B3 28 77 61 D4 97 52 9F B5 B9
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapFileTime: 75 D9 8B DD 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapFileSize: 0x00006800
HKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapFileSignature: 91 3A F8 8B 02 91 D7 D3 A0 FD C9 2F 5E 1C C7 D7
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapFileTime: 63 B0 26 F1 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapFileSize: 0x00004600
HKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapFileSignature: AC DA FC D1 4E C0 EC E8 91 98 50 37 46 A5 C1 47
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapFileTime: 8D 5C 7E D4 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapFileSize: 0x00006200
HKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapFileSignature: 17 93 CC 66 06 05 F6 3B 14 FB 96 C7 70 7F 75 BA
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapFileTime: EB BE 80 D4 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapFileSize: 0x00008800
HKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapFileSignature: B4 45 9D 13 47 3D 07 FC B4 33 65 C0 27 32 DE 16
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapFileTime: EB 6F 75 F9 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapFileSize: 0x00002A00
HKLM\SYSTEM\ControlSet001\Services\PSched\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapFileSignature: DB E2 B6 23 53 66 0E CC A0 D7 5E A3 07 A7 17 E9
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapFileTime: A7 EB 21 F1 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapFileSize: 0x00009C00
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\WPA\MediaCenter\Installed: 0x00000000
HKLM\SYSTEM\WPA\TabletPC\Installed: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapFileSignature: 80 1B A8 73 02 E1 62 1B 77 52 ED E6 03 C6 6E 17
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapFileTime: 93 87 DA DD 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapFileSize: 0x00027800
HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapFileSignature: AB FB 67 3B 24 A9 B3 28 77 61 D4 97 52 9F B5 B9
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapFileTime: 75 D9 8B DD 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapFileSize: 0x00006800
HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapFileSignature: 91 3A F8 8B 02 91 D7 D3 A0 FD C9 2F 5E 1C C7 D7
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapFileTime: 63 B0 26 F1 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapFileSize: 0x00004600
HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapFileSignature: AC DA FC D1 4E C0 EC E8 91 98 50 37 46 A5 C1 47
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapFileTime: 8D 5C 7E D4 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapFileSize: 0x00006200
HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapFileSignature: 17 93 CC 66 06 05 F6 3B 14 FB 96 C7 70 7F 75 BA
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapFileTime: EB BE 80 D4 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapFileSize: 0x00008800
HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapFileSignature: B4 45 9D 13 47 3D 07 FC B4 33 65 C0 27 32 DE 16
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapFileTime: EB 6F 75 F9 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapFileSize: 0x00002A00
HKLM\SYSTEM\CurrentControlSet\Services\PSched\Performance\WbemAdapStatus: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapFileSignature: DB E2 B6 23 53 66 0E CC A0 D7 5E A3 07 A7 17 E9
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapFileTime: A7 EB 21 F1 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapFileSize: 0x00009C00
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\WbemAdapStatus: 0x00000000
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a: 52 00 65 00 67 00 46 00 72 00 6F 00 6D 00 41 00 70 00 70 00 2E 00 65 00 78 00 65 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\a: "C:\Documents and Settings\Administrator\Desktop\001.reg"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg\a: "C:\Documents and Settings\Administrator\Desktop\001.reg"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg\MRUList: "a"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids\AVIFile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids\Paint.Picture: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids\CSSfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids\Paint.Picture: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids\emffile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids\giffile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids\htmlfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids\htmlfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids\icofile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids\pjpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids\jpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids\jpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids\jpegfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids\pngfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids\TIFImage.Document: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids\TIFImage.Document: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids\txtfile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids\wmffile: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\CompressedFolder: (NULL!)
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3: 14 00 1F 48 BA 8F 0D 45 25 AD D0 11 98 A8 08 00 36 1B 11 03 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0: 5C 00 31 00 00 00 00 00 7C 49 7A 46 10 00 44 4F 43 55 4D 45 7E 31 00 00 44 00 03 00 04 00 EF BE 75 39 94 33 7C 49 02 4F 14 00 00 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0: 4A 00 31 00 00 00 00 00 7C 49 7A 46 10 00 41 44 4D 49 4E 49 7E 31 00 00 32 00 03 00 04 00 EF BE 7C 49 7A 46 7C 49 08 4F 14 00 00 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0: 3C 00 31 00 00 00 00 00 7C 49 22 4F 10 00 44 65 73 6B 74 6F 70 00 26 00 03 00 04 00 EF BE 7C 49 7A 46 7C 49 22 4F 14 00 00 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00 16 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0: 44 00 31 00 00 00 00 00 7C 49 29 50 10 00 52 45 47 46 52 4F 7E 31 00 00 2C 00 03 00 04 00 EF BE 7C 49 22 4F 7C 49 44 50 14 00 00 00 72 00 65 00 67 00 66 00 72 00 6F 00 6D 00 61 00 70 00 70 00 00 00 18 00 00 00
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\MRUListEx: 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\NodeSlot: 0x00000009
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0\NodeSlot: 0x00000008
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0\0\0\0\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\NodeSlot: 0x00000007
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\3\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell\FolderType: "MyDocuments"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\8\Shell\FolderType: "Documents"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\Bags\9\Shell\FolderType: "Documents"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21779: "My Pictures"
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21790: "My Music"
----------------------------------
Values modified: 15
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: B3 DB AA 5E A0 41 F7 23 62 F1 79 14 49 5E 6D 74 2F B4 9D F9 59 AE 0E 4A EA 7C EA B4 54 DA F2 E4 7D 1E 42 B2 EC FF 27 24 3C 0B E1 67 AA A8 7C AB 84 C7 89 AB FC E2 9E 36 B0 DC 9D 38 CA F3 E9 53 54 11 92 98 62 7E 18 04 20 C3 2F 58 05 77 F4 CF
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A8 11 D4 71 6A 59 54 13 A2 7F 75 70 64 14 B5 26 FB AA E4 22 62 EB C3 DA 64 38 99 7F 39 CD 80 DE 26 A5 F2 18 96 00 92 D9 4A 59 87 A4 6E F5 75 AB 06 47 97 8A D3 1F DA 72 3D CC D3 24 AB C5 D3 CB 3A 55 90 76 E8 3A 48 14 A3 E3 DA DD F2 BB B1 56
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileSignature: ED 7A 5F 76 40 F1 F2 26 E1 E4 FD 6D 47 34 F4 B3
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileSignature: B0 B0 D7 90 5A C7 1B C2 78 F1 7F 45 5E 18 26 11
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileTime: 2B BB 94 70 50 E5 C0 01
HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\WbemAdapFileTime: 1D 6E 97 D8 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileTime: 15 C5 AC D0 B1 F9 C0 01
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileTime: 17 B0 F4 F8 9E 4B C9 01
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSize: 0x0001FC00
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSize: 0x00023C00
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSignature: 83 E0 65 DB 6B 07 E4 BC B2 B1 38 98 83 6C 2A 27
HKLM\SYSTEM\ControlSet001\Services\Spooler\Performance\WbemAdapFileSignature: BD 83 AB A6 1E 8A CC C8 D9 FF B8 69 F2 94 18 CE
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileSignature: ED 7A 5F 76 40 F1 F2 26 E1 E4 FD 6D 47 34 F4 B3
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileSignature: B0 B0 D7 90 5A C7 1B C2 78 F1 7F 45 5E 18 26 11
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileTime: 2B BB 94 70 50 E5 C0 01
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance\WbemAdapFileTime: 1D 6E 97 D8 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileTime: 15 C5 AC D0 B1 F9 C0 01
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileTime: 17 B0 F4 F8 9E 4B C9 01
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSize: 0x0001FC00
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSize: 0x00023C00
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSignature: 83 E0 65 DB 6B 07 E4 BC B2 B1 38 98 83 6C 2A 27
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Performance\WbemAdapFileSignature: BD 83 AB A6 1E 8A CC C8 D9 FF B8 69 F2 94 18 CE
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} {000214E8-0000-0000-C000-000000000046} 0x401: 00 00 00 00 32 00 30 00 12 C9 DE 5E 5E 49 D2 01
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} {000214E8-0000-0000-C000-000000000046} 0x401: 00 00 00 00 32 00 30 00 B2 6C 54 90 5E 49 D2 01
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 01 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 00 00 00 00 03 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: FF FF FF FF
HKU\S-1-5-21-2000478354-839522115-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\MRUListEx: 00 00 00 00 FF FF FF FF
----------------------------------
Total changes: 173
----------------------------------
So can anyone explain what does it actually do, and can I do it manually without using the TweakNT?
Thanks.
Facebook
Twitter
Instagram