SystemLook 30.07.11 by jpshortstuff Log created at 01:23 on 26/07/2012 by Admin Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] "RPCSS"="RpcEptMapper RpcSs" "defragsvc"="defragsvc" "LocalSystemNetworkRestricted"="UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc IPBusEnum hidserv dot3svc irmon sysmain PcaSvc homegrouplistener WPDBusEnum wlansvc TabletInputService" "LocalService"="nsi WdiServiceHost w32time EventSystem RemoteRegistry WinHttpAutoProxySvc sppuinotify THREADORDER netprofm lltdsvc fdphost SstpSvc WebClient" "netsvcs"="AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS winmgmt SessionEnv browser EapHost schedule hkmsvc wercplsupport ProfSvc Themes BDESVC" "WerSvcGroup"="wersvc" "LocalServiceNoNetwork"="DPS PLA BFE mpssvc WwanSvc" "termsvcs"="TermService" "swprv"="swprv" "LocalServiceNetworkRestricted"="DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc" "LocalServicePeerNet"="PNRPSvc p2pimsvc p2psvc PnrpAutoReg" "NetworkServiceAndNoImpersonation"="KtmRm" "regsvc"="RemoteRegistry" "LocalServiceAndNoImpersonation"="SSDPSRV upnphost SCardSvr TBS fdrespub FontCache AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc" "DcomLaunch"="Power PlugPlay DcomLaunch" "NetworkServiceNetworkRestricted"="PolicyAgent" "NetworkService"="CryptSvc DHCP TermService DNSCache lanmanworkstation NapAgent nlasvc WinRM WECSVC Tapisrv" "sdrsvc"="sdrsvc" "WbioSvcGroup"="WbioSrvc" "imgsvc"="StiSvc" "wcssvc"="WcsPlugInService" "AxInstSVGroup"="AxInstSV" "secsvcs"="WinDefend" "bthsvcs"="bthserv" "HPZ12"="Pml Driver HPZ12 Net Driver HPZ12" "HPService"="HPSLPSVC" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AxInstSVGroup] "ImpersonationLevel"= 0x0000000003 (3) "CoInitializeSecurityParam"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsvc] "CoInitializeSecurityParam"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService] "AuthenticationCapabilities"= 0x0000002000 (8192) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation] "AuthenticationCapabilities"= 0x0000002000 (8192) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted] "DefaultRpcStackSize"= 0x0000000040 (64) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork] "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted] "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs] "AuthenticationCapabilities"= 0x0000003020 (12320) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService] "CoInitializeSecurityParam"= 0x0000000001 (1) "DefaultRpcStackSize"= 0x000000001c (28) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent] "CoInitializeSecurityParam"= 0x0000000001 (1) "AuthenticationCapabilities"= 0x0000002000 (8192) "AuthenticationLevel"= 0x0000000006 (6) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing] "CoInitializeSecurityParam"= 0x0000000001 (1) "AuthenticationCapabilities"= 0x0000002000 (8192) "AuthenticationLevel"= 0x0000000006 (6) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC] "CoInitializeSecurityParam"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv] "CoInitializeSecurityParam"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs] "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc] "CoInitializeSecurityParam"= 0x0000000001 (1) "CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport] "AuthenticationCapabilities"= 0x0000003020 (12320) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost] "netsvcs"="AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc msiscsi schedule SessionEnv winmgmt" "LocalService"="RemoteRegistry WinHttpAutoProxySvc sppuinotify netprofm WebClient" "LocalSystemNetworkRestricted"="Netman AudioEndpointBuilder dot3svc WPDBusEnum wlansvc" "LocalServiceNoNetwork"="PLA" "rpcss"="RpcSs" "LocalServiceNetworkRestricted"="AudioSrv BthHFSrv LmHosts wscsvc WPCSvc" "LocalServiceAndNoImpersonation"="SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc" "DcomLaunch"="Power PlugPlay DcomLaunch" "NetworkService"="CryptSvc DHCP TermService DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv" "imgsvc"="StiSvc" "wcssvc"="WcsPlugInService" "hpdevmgmt"="hpqcxs08 hpqddsvc" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService] "AuthenticationCapabilities"= 0x0000002000 (8192) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation] "AuthenticationCapabilities"= 0x0000002000 (8192) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted] "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork] "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted] "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs] "AuthenticationCapabilities"= 0x0000003020 (12320) "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService] "CoInitializeSecurityParam"= 0x0000000001 (1) "DefaultRpcStackSize"= 0x000000001c (28) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent] "CoInitializeSecurityParam"= 0x0000000001 (1) "AuthenticationCapabilities"= 0x0000002000 (8192) "AuthenticationLevel"= 0x0000000006 (6) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing] "CoInitializeSecurityParam"= 0x0000000001 (1) "AuthenticationCapabilities"= 0x0000002000 (8192) "AuthenticationLevel"= 0x0000000006 (6) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs] "CoInitializeSecurityParam"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc] "CoInitializeSecurityParam"= 0x0000000001 (1) "CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" -= EOF =-