Removed: C:\Program Files\Hotspot_Shield\tbHots.dll (adware HotSpotShield)

October 27, 2010 by NightWatcher
Filed under: Adware 
: Solved!

You should Download Removal Tool here...

Malware: HSS-1.52-install-anchorfree-76-conduit.exe

Removed: C:\Program Files\Hotspot_Shield\tbHots.dll

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: {c95a4e8e-816d-4655-8c79-d736da1adb6d}
Author: Conduit Ltd.
Related File: C:\PROGRAM FILES\HOTSPOT_SHIELD\TBHOTS.DLL
Type: Browser Helper Objects

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\InprocServer32\
Value: “C:\Program Files\Hotspot_Shield\tbHots.dll”

Registry: HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\InprocServer32\
Value: “C:\Program Files\Hotspot_Shield\tbHots.dll”

Registry: HKLM\Software\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\InprocServer32\
Value: “C:\Program Files\Hotspot_Shield\tbHots.dll”

Folders:
C:\Program Files\Hotspot Shield\
Files:
C:\Program Files\Conduit\Community Alerts\Alert.dll
C:\Program Files\Hotspot Shield\bin\curl-ca-bundle.crt
C:\Program Files\Hotspot Shield\bin\hssinst.dll
C:\Program Files\Hotspot Shield\bin\HssInstaller.exe
C:\Program Files\Hotspot Shield\bin\HssTrayService.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Hotspot Shield\bin\lang\gui-ara.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-bur.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-chi.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-fre.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-ger.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-per.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-rus.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-spa.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-vie.dll
C:\Program Files\Hotspot Shield\bin\libcurl.dll
C:\Program Files\Hotspot Shield\bin\libeay32.dll
C:\Program Files\Hotspot Shield\bin\libidn-11.dll
C:\Program Files\Hotspot Shield\bin\libpkcs11-helper-1.dll
C:\Program Files\Hotspot Shield\bin\libssl32.dll
C:\Program Files\Hotspot Shield\bin\openvpn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Hotspot Shield\bin\tapinstall.exe
C:\Program Files\Hotspot Shield\driver\taphss.cat
C:\Program Files\Hotspot Shield\driver\taphss.sys
C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
C:\Program Files\Hotspot Shield\HssWPR\hssdrv.sys
C:\Program Files\Hotspot Shield\HssWPR\hssinst.dll
C:\Program Files\Hotspot Shield\HssWPR\HssInstaller.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\Uninstall.exe
C:\Program Files\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe
C:\Program Files\Hotspot_Shield\tbHots.dll
C:\WINDOWS\system32\drivers\HssDrv.sys
C:\WINDOWS\system32\drivers\taphss.sys

—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
Kaspersky 7.0.0.125 2010.10.26 -
Microsoft 1.6301 2010.10.26 -
NOD32 5564 2010.10.26 a variant of Win32/HotSpotShield

—————————————————————————————————————————-

MD5 513719e7fc339f9e7e5f124722c5d8be

SHA1 2e3e8b0f66cf0a10354ff4c0560748b62ab590d1

SHA256 83c2cfaa6cbcd289a1c23f452a3957c8b9031e77492b60b275cb16950845b577

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:170
———————————-
HKLM\Software\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
HKLM\Software\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\InprocServer32
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\ProgID
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}
HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\Implemented Categories
HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\InprocServer32
HKLM\Software\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
HKLM\Software\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\InprocServer32
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\InprocServer32
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ProgID
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\Programmable
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\TypeLib
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\VersionIndependentProgID
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\ProxyStubClsid
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\TypeLib
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\ProxyStubClsid
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\TypeLib
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\0
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\0\win32
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\FLAGS
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\HELPDIR
HKLM\Software\Classes\HssIE.HssIEApp
HKLM\Software\Classes\HssIE.HssIEApp\CLSID
HKLM\Software\Classes\HssIE.HssIEApp\CurVer
HKLM\Software\Classes\HssIE.HssIEApp.1
HKLM\Software\Classes\HssIE.HssIEApp.1\CLSID
HKLM\Software\Classes\Toolbar.CT1561552
HKLM\Software\Classes\Toolbar.CT1561552\CLSID
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\96a06e19-696b-4d8d-b3ad-16be085a2828
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7ebd33d8-42bf-4f4b-ab3c-c2006b4593e2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar
HKLM\Software\Conduit
HKLM\Software\Conduit\Community Alerts
HKLM\Software\Conduit\Toolbars
HKLM\Software\HotspotShield
HKLM\Software\Hotspot_Shield
HKLM\Software\Hotspot_Shield\toolbar
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\Interfaces
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin\enum
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MAC
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\enum
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{623118F1-8268-4167-AB5E-E46C86D96E19}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{B029DA1F-113C-447A-8E6E-B8B1EF4A44C8}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BB0CA844-4B4F-4B73-AFA1-BF3570F79916}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F8CD4C93-ECC6-4F9F-BF89-16BE29E887CA}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{DFF11E9D-C054-40D0-9D9E-83E48A43C788}
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\Interfaces
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Parameters
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\Device Parameters
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\LogConf
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\0000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\0000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\0000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\0000
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\Device Parameters
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\LogConf
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\Device Parameters
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\LogConf
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\Device Parameters
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\LogConf
HKLM\System\CurrentControlSet\Enum\Root\NET
HKLM\System\CurrentControlSet\Enum\Root\NET\0000
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\Device Parameters
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\LogConf
HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\MS_PSCHEDMP\0002
HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\MS_HSSDRVMP
HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\MS_HSSDRVMP\0000
HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\MS_HSSDRVMP\0001
HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\MS_HSSDRVMP\0002
HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\NET
HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\NET\0000
HKLM\System\CurrentControlSet\Services\Eventlog\Application\HssSrv
HKLM\System\CurrentControlSet\Services\Eventlog\Application\HssWd
HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Ip
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
HKLM\System\CurrentControlSet\Services\HotspotShieldService
HKLM\System\CurrentControlSet\Services\HotspotShieldService\Security
HKLM\System\CurrentControlSet\Services\HssDrv
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters\Adapters
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters\Adapters\NdisWanIp
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters\Adapters\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters\Adapters\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}
HKLM\System\CurrentControlSet\Services\HssDrv\Security
HKLM\System\CurrentControlSet\Services\HssSrv
HKLM\System\CurrentControlSet\Services\HssSrv\Security
HKLM\System\CurrentControlSet\Services\HssTrayService
HKLM\System\CurrentControlSet\Services\HssTrayService\Security
HKLM\System\CurrentControlSet\Services\HssWd
HKLM\System\CurrentControlSet\Services\HssWd\Security
HKLM\System\CurrentControlSet\Services\taphss
HKLM\System\CurrentControlSet\Services\taphss\Security
HKLM\System\CurrentControlSet\Services\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}
HKLM\System\CurrentControlSet\Services\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\Parameters
HKLM\System\CurrentControlSet\Services\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\Parameters\Tcpip
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\iexplore
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\iexplore
HKCU\Software\Conduit
HKCU\Software\Conduit\Community Alerts
HKCU\Software\Conduit\Community Alerts\Data
HKCU\Software\Conduit\Community Alerts\Data\Sources
HKCU\Software\Conduit\Community Alerts\Data\Sources\FF_TB_CT1561552
HKCU\Software\Conduit\Community Alerts\RegisteredSources
HKCU\Software\Conduit\Community Alerts\Settings
HKCU\Software\HotspotShield
HKCU\Software\HotspotShield\HssIE
HKCU\Software\Hotspot_Shield
HKCU\Software\Hotspot_Shield\toolbar
HKCU\Software\Hotspot_Shield\toolbar\IE5
HKCU\Software\Hotspot_Shield\toolbar\Monitored
HKCU\Software\Hotspot_Shield\toolbar\settings
HKCU\Software\Hotspot_Shield\toolbar\settings\LanguagePack
HKCU\Software\Monitored
HKCU\Software\settings
HKCU\Toolbar
HKCU\Toolbar\RegisteredSources

———————————-
Values added:455
———————————-
HKLM\Software\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\: “C:\Program Files\Conduit\Community Alerts\Alert.dll”
HKLM\Software\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\ThreadingModel: “Apartment”
HKLM\Software\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\: “Conduit Community Alerts”
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\VersionIndependentProgID\: “Toolbar.CT1561552″
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\ProgID\: “Toolbar.CT1561552″
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\InprocServer32\: “C:\Program Files\Hotspot_Shield\tbHots.dll”
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\InprocServer32\ThreadingModel: “Apartment”
HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\: “Conduit API Server”
HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\InprocServer32\: “C:\Program Files\Hotspot_Shield\tbHots.dll”
HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\InprocServer32\ThreadingModel: “Apartment”
HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\: “Hotspot Shield Findbar”
HKLM\Software\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\InprocServer32\: “C:\Program Files\Hotspot_Shield\tbHots.dll”
HKLM\Software\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\InprocServer32\ThreadingModel: “Apartment”
HKLM\Software\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\: “Hotspot Shield Toolbar”
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\VersionIndependentProgID\: “HssIE.HssIEApp”
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\TypeLib\: “{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}”
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ProgID\: “HssIE.HssIEApp.1″
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\InprocServer32\: “C:\Program Files\Hotspot Shield\HssIE\HssIE.dll”
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\InprocServer32\ThreadingModel: “Apartment”
HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\: “Hotspot Shield Class”
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\TypeLib\: “{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}”
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\ProxyStubClsid32\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\ProxyStubClsid\: “{00020424-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{307A31DF-F8B5-426C-9594-FBC1E819AED2}\: “IHssIEApp”
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\TypeLib\: “{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}”
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\TypeLib\Version: “1.0″
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\ProxyStubClsid32\: “{00020420-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\ProxyStubClsid\: “{00020420-0000-0000-C000-000000000046}”
HKLM\Software\Classes\Interface\{4F6AFF86-4D81-45B8-8CAD-22ABA529C091}\: “_IHssIEAppEvents”
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\0\win32\: “C:\Program Files\Hotspot Shield\HssIE\HssIE.dll”
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\HELPDIR\: “C:\Program Files\Hotspot Shield\HssIE”
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\FLAGS\: “0″
HKLM\Software\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}\1.0\: “Hotspot Shield Class 1.0 Type Library”
HKLM\Software\Classes\HssIE.HssIEApp\CurVer\: “HssIE.HssIEApp.1″
HKLM\Software\Classes\HssIE.HssIEApp\CLSID\: “{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}”
HKLM\Software\Classes\HssIE.HssIEApp\: “Hotspot Shield Class”
HKLM\Software\Classes\HssIE.HssIEApp.1\CLSID\: “{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}”
HKLM\Software\Classes\HssIE.HssIEApp.1\: “Hotspot Shield Class”
HKLM\Software\Classes\Toolbar.CT1561552\CLSID\: “{7ebd33d8-42bf-4f4b-ab3c-c2006b4593e2}”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\96a06e19-696b-4d8d-b3ad-16be085a2828\AppPath: “C:\Program Files\Hotspot_Shield”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\96a06e19-696b-4d8d-b3ad-16be085a2828\AppName: “Hotspot_ShieldToolbarHelper.exe”
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\96a06e19-696b-4d8d-b3ad-16be085a2828\Policy: 0×00000003
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{c95a4e8e-816d-4655-8c79-d736da1adb6d}: “Hotspot Shield Toolbar”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\NoExplorer: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\DisplayName: “Hotspot Shield 1.52″
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\UninstallString: “C:\Program Files\Hotspot Shield\Uninstall.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\DisplayIcon: “C:\Program Files\Hotspot Shield\hss.ico”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\DisplayVersion: “1.52″
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\InstallLocation: “C:\Program Files\Hotspot Shield”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\Publisher: “AnchorFree”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\VersionMajor: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield\VersionMinor: 0×00000034
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\DisplayName: “Hotspot_Shield Toolbar”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\UninstallString: “C:\PROGRA~1\HOTSPO~2\UNWISE.EXE /U C:\PROGRA~1\HOTSPO~2\INSTALL.LOG ”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\DisplayVersion: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\HelpLink: ” ”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\Publisher: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\URLInfoAbout: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\Contact: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar\Comments: “”
HKLM\Software\Conduit\Toolbars\Hotspot Shield Toolbar: “{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}”
HKLM\Software\Conduit\Community Alerts\Path: “C:\Program Files\Conduit\Community Alerts\Alert.dll”
HKLM\Software\HotspotShield\: “C:\Program Files\Hotspot Shield”
HKLM\Software\HotspotShield\installer: “HSS-1.52-install-anchorfree-76-conduit.exe”
HKLM\Software\HotspotShield\config_dir: “C:\Program Files\Hotspot Shield\config”
HKLM\Software\HotspotShield\htdocs_dir: “C:\Program Files\Hotspot Shield\htdocs”
HKLM\Software\HotspotShield\verify_dir: “C:\Program Files\Hotspot Shield\log\verify”
HKLM\Software\HotspotShield\config_ext: “hvpn”
HKLM\Software\HotspotShield\exe_path: “C:\Program Files\Hotspot Shield\bin\openvpn.exe”
HKLM\Software\HotspotShield\priority: “NORMAL_PRIORITY_CLASS”
HKLM\Software\HotspotShield\log_dir: “C:\Program Files\Hotspot Shield\log”
HKLM\Software\HotspotShield\log_path: “C:\Program Files\Hotspot Shield\log\oas.log”
HKLM\Software\HotspotShield\log_append: “0″
HKLM\Software\HotspotShield\dport_start: “56700″
HKLM\Software\HotspotShield\dport_end: “56999″
HKLM\Software\HotspotShield\local_addr: “127.0.0.1″
HKLM\Software\HotspotShield\http_port: “895″
HKLM\Software\HotspotShield\hssie_dir: “C:\Program Files\Hotspot Shield\HssIE”
HKLM\Software\HotspotShield\hssie_config: “config”
HKLM\Software\HotspotShield\client_tag: “anchorfree-76-conduit”
HKLM\Software\HotspotShield\page_not_found: 0×00000001
HKLM\Software\HotspotShield\privacy_alert: 0×00000001
HKLM\Software\HotspotShield\search_default: 0×00000001
HKLM\Software\HotspotShield\search_home: 0×00000001
HKLM\Software\HotspotShield\hsswd_flags: 0×00000000
HKLM\Software\HotspotShield\install_time: “1288174198″
HKLM\Software\Hotspot_Shield\toolbar\Path: “C:\Program Files\Hotspot_Shield”
HKLM\Software\Hotspot_Shield\toolbar\ComId: “{c95a4e8e-816d-4655-8c79-d736da1adb6d}”
HKLM\Software\Hotspot_Shield\toolbar\Server: “users.conduit.com”
HKLM\Software\Hotspot_Shield\toolbar\SponsorId: “CT1561552″
HKLM\Software\Hotspot_Shield\toolbar\DisplayTitle: “Hotspot_Shield Toolbar”
HKLM\Software\Hotspot_Shield\toolbar\DisplayName: “Hotspot Shield”
HKLM\Software\Hotspot_Shield\toolbar\MultiCommunityEnabled: “FALSE”
HKLM\Software\Hotspot_Shield\toolbar\GroupingEnabled: “FALSE”
HKLM\Software\Hotspot_Shield\toolbar\ToolbarHelperFileName: “C:\Program Files\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe”
HKLM\Software\Hotspot_Shield\toolbar\ShouldShowPersonalComponentDlg: “TRUE”
HKLM\Software\Hotspot_Shield\toolbar\ShouldSendToolbarAge: “TRUE”
HKLM\Software\Hotspot_Shield\toolbar\version: “5.3.4.2″
HKLM\Software\Hotspot_Shield\toolbar\ToolbarAPIComId: “{7ebd33d8-42bf-4f4b-ab3c-c2006b4593e2}”
HKLM\Software\Hotspot_Shield\toolbar\UserID: “UN23802018528945281″
HKLM\Software\Hotspot_Shield\toolbar\FindBarComId: “{b7b22493-6c6a-43f8-b409-e8f1cbc7764c}”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage\Export: ‘\Device\{623118F1-8268-4167-AB5E-E46C86D96E19}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage\RootDevice: ‘{623118F1-8268-4167-AB5E-E46C86D96E19} {0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage\UpperBind: ‘PSched’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Characteristics: 0×00000029
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\ComponentId: “ms_hssdrvmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\InfPath: “oem9.inf”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\InfSection: “HssDrvMP.ndi”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\ProviderName: “Hotspot Shield”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\DriverDateData: 00 40 9C E0 11 75 C9 01
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\DriverDate: “1-13-2009″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\DriverVersion: “1.0.0.1″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\MatchingDeviceId: “ms_hssdrvmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\DriverDesc: “Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\NetCfgInstanceId: “{623118F1-8268-4167-AB5E-E46C86D96E19}”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\FilterInfId: “ms_hssdrv”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\Export: ‘\Device\{B029DA1F-113C-447A-8E6E-B8B1EF4A44C8}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\RootDevice: ‘{B029DA1F-113C-447A-8E6E-B8B1EF4A44C8} NdisWanIp’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\UpperBind: ‘PSched’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Characteristics: 0×00000029
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\ComponentId: “ms_hssdrvmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\InfPath: “oem9.inf”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\InfSection: “HssDrvMP.ndi”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\ProviderName: “Hotspot Shield”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\DriverDateData: 00 40 9C E0 11 75 C9 01
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\DriverDate: “1-13-2009″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\DriverVersion: “1.0.0.1″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\MatchingDeviceId: “ms_hssdrvmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\DriverDesc: “Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\NetCfgInstanceId: “{B029DA1F-113C-447A-8E6E-B8B1EF4A44C8}”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\FilterInfId: “ms_hssdrv”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin\enum\0: “Not Allowed”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin\enum\1: “Allowed”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\enum\0: “Application Controlled”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\enum\1: “Always Connected”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\ParamDesc: “MTU”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Type: “int”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Default: “1500″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Optional: “0″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Min: “100″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Max: “1500″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MTU\Step: “1″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\ParamDesc: “Media Status”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\Type: “enum”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\Default: “0″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MediaStatus\Optional: “0″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MAC\ParamDesc: “MAC Address”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MAC\Type: “edit”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\MAC\Optional: “1″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin\ParamDesc: “Non-Admin Access”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin\Type: “enum”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin\Default: “1″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\params\AllowNonAdmin\Optional: “0″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\Interfaces\UpperRange: “ndis5″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\Interfaces\LowerRange: “ethernet”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Ndi\Service: “taphss”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage\RootDevice: ‘{DFF11E9D-C054-40D0-9D9E-83E48A43C788}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage\UpperBind: ‘HssDrv’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage\Export: ‘\Device\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Manufacturer: “Anchorfree HSS Adapter”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\ProductName: “Anchorfree HSS Adapter”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Characteristics: 0×00000089
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\ComponentId: “taphss”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\AllowNonAdmin: “1″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\MediaStatus: “0″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\MTU: “1500″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\InfPath: “oem10.inf”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\InfSection: “taphss.ndi”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\ProviderName: “Anchorfree HSS Adapter”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\DriverDateData: 00 80 56 79 E0 30 CA 01
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\DriverDate: “9-9-2009″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\DriverVersion: “16.0.0.4″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\MatchingDeviceId: “taphss”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\DriverDesc: “Anchorfree HSS Adapter”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\NetCfgInstanceId: “{DFF11E9D-C054-40D0-9D9E-83E48A43C788}”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage\Export: ‘\Device\{BB0CA844-4B4F-4B73-AFA1-BF3570F79916}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage\RootDevice: ‘{BB0CA844-4B4F-4B73-AFA1-BF3570F79916} {DFF11E9D-C054-40D0-9D9E-83E48A43C788}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage\UpperBind: ‘PSched’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Characteristics: 0×00000029
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\ComponentId: “ms_hssdrvmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\InfPath: “oem9.inf”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\InfSection: “HssDrvMP.ndi”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\ProviderName: “Hotspot Shield”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\DriverDateData: 00 40 9C E0 11 75 C9 01
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\DriverDate: “1-13-2009″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\DriverVersion: “1.0.0.1″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\MatchingDeviceId: “ms_hssdrvmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\DriverDesc: “Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\NetCfgInstanceId: “{BB0CA844-4B4F-4B73-AFA1-BF3570F79916}”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\FilterInfId: “ms_hssdrv”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage\Export: ‘\Device\{F8CD4C93-ECC6-4F9F-BF89-16BE29E887CA}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage\RootDevice: ‘{F8CD4C93-ECC6-4F9F-BF89-16BE29E887CA} {BB0CA844-4B4F-4B73-AFA1-BF3570F79916} {DFF11E9D-C054-40D0-9D9E-83E48A43C788}’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage\UpperBind: ‘Ndisuio RasPppoe Tcpip’
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Characteristics: 0×00000029
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\ComponentId: “ms_pschedmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\InfPath: “netpsa.inf”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\InfSection: “PSchedMP.ndi”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\ProviderName: “Microsoft”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\DriverDateData: 00 80 62 C5 C0 01 C1 01
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\DriverDate: “7-1-2001″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\DriverVersion: “5.1.2535.0″
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\MatchingDeviceId: “ms_pschedmp”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\DriverDesc: “Packet Scheduler Miniport”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\NetCfgInstanceId: “{F8CD4C93-ECC6-4F9F-BF89-16BE29E887CA}”
HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\FilterInfId: “ms_psched”
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{623118F1-8268-4167-AB5E-E46C86D96E19}\SymbolicLink: “\\?\Root#MS_HSSDRVMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{623118F1-8268-4167-AB5E-E46C86D96E19}”
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance: “Root\MS_HSSDRVMP\0000″
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{B029DA1F-113C-447A-8E6E-B8B1EF4A44C8}\SymbolicLink: “\\?\Root#MS_HSSDRVMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{B029DA1F-113C-447A-8E6E-B8B1EF4A44C8}”
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance: “Root\MS_HSSDRVMP\0001″
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BB0CA844-4B4F-4B73-AFA1-BF3570F79916}\SymbolicLink: “\\?\Root#MS_HSSDRVMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BB0CA844-4B4F-4B73-AFA1-BF3570F79916}”
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_HSSDRVMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance: “Root\MS_HSSDRVMP\0002″
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{F8CD4C93-ECC6-4F9F-BF89-16BE29E887CA}\SymbolicLink: “\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{F8CD4C93-ECC6-4F9F-BF89-16BE29E887CA}”
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance: “Root\MS_PSCHEDMP\0002″
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\SymbolicLink: “\\?\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}”
HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance: “Root\NET\0000″
HKLM\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions\Hotspot Shield Helper Miniport: ’1 2 3′
HKLM\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions\Anchorfree HSS Adapter: ’1′
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\Interfaces\UpperRange: “noupper”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\Interfaces\LowerRange: “nolower”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\Interfaces\FilterMediaTypes: “ethernet, tokenring, fddi, wan”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Parameters\Param1: “4″
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\HelpText: “Hotspot Shield Helper Driver”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\ClsID: “{fce02f7c-b394-4ef7-83a6-c74069c08ff9}”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\FilterClass: “failover”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\FilterDeviceInfId: “ms_HssDrvmp”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Ndi\Service: “HssDrv”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Characteristics: 0×00004490
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\InfPath: “oem8.inf”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\InfSection: “HssDrv.ndi”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\Description: “Hotspot Shield Helper Driver”
HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CCCAFEAD-C5B7-47B9-A6C6-AE1FA7ABD9F6}\ComponentId: “ms_HssDrv”
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\Device Parameters\InstanceIndex: 0×00000003
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\ClassGUID: “{4D36E972-E325-11CE-BFC1-08002BE10318}”
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\Class: “Net”
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\HardwareID: ‘ms_pschedmp’
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\Driver: “{4D36E972-E325-11CE-BFC1-08002BE10318}\0014″
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\FriendlyName: “Anchorfree HSS Adapter – Packet Scheduler Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\Mfg: “Microsoft”
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\Service: “PSched”
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\DeviceDesc: “Packet Scheduler Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0002\Capabilities: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\0000\Service: “HotspotShieldService”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\0000\DeviceDesc: “Hotspot Shield Service”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HOTSPOTSHIELDSERVICE\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\0000\Service: “HssSrv”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\0000\DeviceDesc: “Hotspot Shield Routing Service”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSSRV\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\0000\Service: “HssTrayService”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\0000\DeviceDesc: “Hotspot Shield Tray Service”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSTRAYSERVICE\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\0000\Service: “HssWd”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\0000\DeviceDesc: “Hotspot Shield Monitoring Service”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_HSSWD\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\Device Parameters\InstanceIndex: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\Device Parameters\InstanceIndex: 0×00000002
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\Device Parameters\InstanceIndex: 0×00000003
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\ClassGUID: “{4D36E972-E325-11CE-BFC1-08002BE10318}”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\Class: “Net”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\HardwareID: ‘ms_HssDrvmp’
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\Driver: “{4D36E972-E325-11CE-BFC1-08002BE10318}\0013″
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\FriendlyName: “Anchorfree HSS Adapter – Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\Mfg: “Hotspot Shield”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\Service: “HssDrv”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\DeviceDesc: “Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0002\Capabilities: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\ClassGUID: “{4D36E972-E325-11CE-BFC1-08002BE10318}”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\Class: “Net”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\HardwareID: ‘ms_HssDrvmp’
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\Driver: “{4D36E972-E325-11CE-BFC1-08002BE10318}\0011″
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\FriendlyName: “WAN Miniport (IP) – Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\Mfg: “Hotspot Shield”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\Service: “HssDrv”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\DeviceDesc: “Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0001\Capabilities: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\ClassGUID: “{4D36E972-E325-11CE-BFC1-08002BE10318}”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\Class: “Net”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\HardwareID: ‘ms_HssDrvmp’
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\Driver: “{4D36E972-E325-11CE-BFC1-08002BE10318}\0010″
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\Mfg: “Hotspot Shield”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\Service: “HssDrv”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\DeviceDesc: “Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\FriendlyName: “VMware Accelerated AMD PCNet Adapter – Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Enum\Root\MS_HSSDRVMP\0000\Capabilities: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\Device Parameters\InstanceIndex: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\ClassGUID: “{4D36E972-E325-11CE-BFC1-08002BE10318}”
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\Class: “Net”
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\HardwareID: ‘taphss’
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\Driver: “{4D36E972-E325-11CE-BFC1-08002BE10318}\0012″
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\Mfg: “Anchorfree HSS Adapter”
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\Service: “taphss”
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\DeviceDesc: “Anchorfree HSS Adapter”
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\NET\0000\Capabilities: 0×00000000
HKLM\System\CurrentControlSet\Services\Eventlog\Application\HssSrv\EventMessageFile: “C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe”
HKLM\System\CurrentControlSet\Services\Eventlog\Application\HssSrv\TypesSupported: 0×00000007
HKLM\System\CurrentControlSet\Services\Eventlog\Application\HssWd\EventMessageFile: “C:\Program Files\Hotspot Shield\bin\hsswd.exe”
HKLM\System\CurrentControlSet\Services\Eventlog\Application\HssWd\TypesSupported: 0×00000007
HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\UpperBindings: “\Device\{F8CD4C93-ECC6-4F9F-BF89-16BE29E887CA}”
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Ip\ProtocolId: 0×00000021
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Ip\InterfaceInfo: 01 00 00 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3\InterfaceName: “{DFF11E9D-C054-40D0-9D9E-83E48A43C788}”
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Type: 0×00000003
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Enabled: 0×00000001
HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Stamp: 0×00000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\LLInterface: “”
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\IpConfig: ‘Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}’
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\UseZeroBroadcast: 0×00000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\EnableDeadGWDetect: 0×00000001
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\EnableDHCP: 0×00000001
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\IPAddress: ’0.0.0.0′
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\SubnetMask: ’0.0.0.0′
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\DefaultGateway: 00
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\DefaultGatewayMetric: 00
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\NameServer: “”
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\Domain: “”
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\RegistrationEnabled: 0×00000001
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\RegisterAdapterName: 0×00000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\TCPAllowedPorts: ’0′
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\UDPAllowedPorts: ’0′
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\RawIPAllowedProtocols: ’0′
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\NTEContextList: ’0×00000002′
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem: 25 53 79 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\PackedCatalogItem: 25 53 79 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HotspotShieldService\Security\Security: 01 00 14 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HotspotShieldService\Type: 0×00000110
HKLM\System\CurrentControlSet\Services\HotspotShieldService\Start: 0×00000002
HKLM\System\CurrentControlSet\Services\HotspotShieldService\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\HotspotShieldService\ImagePath: “C:\Program Files\Hotspot Shield\bin\openvpnas.exe”
HKLM\System\CurrentControlSet\Services\HotspotShieldService\DisplayName: “Hotspot Shield Service”
HKLM\System\CurrentControlSet\Services\HotspotShieldService\DependOnService: ‘taphss Dhcp’
HKLM\System\CurrentControlSet\Services\HotspotShieldService\DependOnGroup: 00
HKLM\System\CurrentControlSet\Services\HotspotShieldService\ObjectName: “LocalSystem”
HKLM\System\CurrentControlSet\Services\HotspotShieldService\FailureActions: FF FF FF /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters\Adapters\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\UpperBindings: “\Device\{BB0CA844-4B4F-4B73-AFA1-BF3570F79916}”
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters\Adapters\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\UpperBindings: “\Device\{623118F1-8268-4167-AB5E-E46C86D96E19}”
HKLM\System\CurrentControlSet\Services\HssDrv\Parameters\Adapters\NdisWanIp\UpperBindings: “\Device\{B029DA1F-113C-447A-8E6E-B8B1EF4A44C8}”
HKLM\System\CurrentControlSet\Services\HssDrv\Security\Security: 01 00 14 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HssDrv\Type: 0×00000001
HKLM\System\CurrentControlSet\Services\HssDrv\Start: 0×00000003
HKLM\System\CurrentControlSet\Services\HssDrv\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\HssDrv\Tag: 0×00000008
HKLM\System\CurrentControlSet\Services\HssDrv\ImagePath: “system32\DRIVERS\HssDrv.sys”
HKLM\System\CurrentControlSet\Services\HssDrv\DisplayName: “Hotspot Shield Helper Miniport”
HKLM\System\CurrentControlSet\Services\HssDrv\Group: “PNP_TDI”
HKLM\System\CurrentControlSet\Services\HssSrv\Security\Security: 01 00 14 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HssSrv\Type: 0×00000010
HKLM\System\CurrentControlSet\Services\HssSrv\Start: 0×00000002
HKLM\System\CurrentControlSet\Services\HssSrv\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\HssSrv\ImagePath: “C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe”
HKLM\System\CurrentControlSet\Services\HssSrv\DisplayName: “Hotspot Shield Routing Service”
HKLM\System\CurrentControlSet\Services\HssSrv\ObjectName: “LocalSystem”
HKLM\System\CurrentControlSet\Services\HssSrv\FailureActions: FF FF FF /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HssTrayService\Security\Security: 01 00 14 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HssTrayService\Type: 0×00000010
HKLM\System\CurrentControlSet\Services\HssTrayService\Start: 0×00000003
HKLM\System\CurrentControlSet\Services\HssTrayService\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\HssTrayService\ImagePath: “C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE”
HKLM\System\CurrentControlSet\Services\HssTrayService\DisplayName: “Hotspot Shield Tray Service”
HKLM\System\CurrentControlSet\Services\HssTrayService\ObjectName: “LocalSystem”
HKLM\System\CurrentControlSet\Services\HssWd\Security\Security: 01 00 14 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\HssWd\Type: 0×00000010
HKLM\System\CurrentControlSet\Services\HssWd\Start: 0×00000002
HKLM\System\CurrentControlSet\Services\HssWd\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\HssWd\ImagePath: “C:\Program Files\Hotspot Shield\bin\hsswd.exe -product HSS”
HKLM\System\CurrentControlSet\Services\HssWd\DisplayName: “Hotspot Shield Monitoring Service”
HKLM\System\CurrentControlSet\Services\HssWd\ObjectName: “LocalSystem”
HKLM\System\CurrentControlSet\Services\taphss\Security\Security: 01 00 14 /…/ 00 00 00
HKLM\System\CurrentControlSet\Services\taphss\Type: 0×00000001
HKLM\System\CurrentControlSet\Services\taphss\Start: 0×00000003
HKLM\System\CurrentControlSet\Services\taphss\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\taphss\Tag: 0x0000000D
HKLM\System\CurrentControlSet\Services\taphss\ImagePath: “system32\DRIVERS\taphss.sys”
HKLM\System\CurrentControlSet\Services\taphss\DisplayName: “Anchorfree HSS Adapter”
HKLM\System\CurrentControlSet\Services\taphss\Group: “NDIS”
HKLM\System\CurrentControlSet\Services\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\Parameters\Tcpip\EnableDHCP: 0×00000001
HKLM\System\CurrentControlSet\Services\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\Parameters\Tcpip\IPAddress: ’0.0.0.0′
HKLM\System\CurrentControlSet\Services\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\Parameters\Tcpip\SubnetMask: ’0.0.0.0′
HKLM\System\CurrentControlSet\Services\{DFF11E9D-C054-40D0-9D9E-83E48A43C788}\Parameters\Tcpip\DefaultGateway: 00
HKCU\Software\Microsoft\Internet Explorer\Main\Use Search Asst: “no”
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\DisplayName: “Hotspot Shield Customized Web Search”
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\URL: “http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552″
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\DisplayName: “Private Search”
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\URL: “http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}”
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}: 8E 4E 5A C9 6D 81 55 46 8C 79 D7 36 DA 1A DB 6D
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{c95a4e8e-816d-4655-8c79-d736da1adb6d}: “”
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\iexplore\Type: 0×00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\iexplore\Flags: 0×00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\iexplore\Count: 0×00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\iexplore\Time: DA 07 0A 00 03 00 1B 00 0A 00 0A 00 0D 00 A7 03
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\iexplore\Type: 0×00000003
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\iexplore\Flags: 0×00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\iexplore\Count: 0×00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\iexplore\Time: DA 07 0A 00 03 00 1B 00 0A 00 0A 00 0E 00 01 02
HKCU\Software\Conduit\Community Alerts\Data\Sources\FF_TB_CT1561552\15257: 0×00000000
HKCU\Software\Conduit\Community Alerts\Settings\AutoUpdateEnabled: “TRUE”
HKCU\Software\Conduit\Community Alerts\Settings\ShowAlerts: “TRUE”
HKCU\Software\Conduit\Community Alerts\Settings\ALPClientsServerName: “http://alert.client.conduit.com”
HKCU\Software\Conduit\Community Alerts\Settings\ALPServicesServerName: “http://alert.services.conduit.com”
HKCU\Software\Conduit\Community Alerts\Settings\UserID: “4DACDC68-5201-4EA3-BF74-E337B41876E0″
HKCU\Software\Conduit\Community Alerts\Settings\FirstTimeStamp: 0x4CC7FA7C
HKCU\Software\Conduit\Community Alerts\RegisteredSources\FF_TB_CT1561552: 0×00000000
HKCU\Software\HotspotShield\HssIE\toolbar_id: “14b84c73-f3ac-471f-9ed4-66c8fac5a455″
HKCU\Software\Hotspot_Shield\toolbar\settings\LanguagePack\LanguagePackServerUrl: “http://translation.users.conduit.com/Translation.ashx”
HKCU\Software\Hotspot_Shield\toolbar\settings\EnableSearchFromAddress: “TRUE”
HKCU\Software\Hotspot_Shield\toolbar\settings\SearchFromAddressUrl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&q=MYSEARCHTERM”
HKCU\Software\Hotspot_Shield\toolbar\settings\AUTOUPDATE: 0×00000001
HKCU\Software\Hotspot_Shield\toolbar\settings\FixPageNotFoundError: 0×00000001
HKCU\Software\Hotspot_Shield\toolbar\settings\MaxThreadPoolSize: 0×00000014
HKCU\Software\Hotspot_Shield\toolbar\settings\CopyDefaultData: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\settings\SettingsLastCheck: 0x4CC7FA86
HKCU\Software\Hotspot_Shield\toolbar\Monitored\MultiCommunityEnabled: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\Monitored\GroupingEnabled: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\Monitored\SponsorId: “CT1561552″
HKCU\Software\Hotspot_Shield\toolbar\Monitored\MultiCommunityID: “CT1561552″
HKCU\Software\Hotspot_Shield\toolbar\Monitored\SHRINK_TOOLBAR: 0×00000000
HKCU\Software\Hotspot_Shield\toolbar\IE5\ExplorerVisible: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\IE5\FirstTime: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\IE5\Visible: “TRUE”
HKCU\Software\Hotspot_Shield\toolbar\IE5\CabinetVisible: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\IE5\ToolbarRunFirstTimeAfterInstall: “TRUE”
HKCU\Software\Hotspot_Shield\toolbar\Write us link: “support@anchorfree.com”
HKCU\Software\Hotspot_Shield\toolbar\Server: “users.conduit.com”
HKCU\Software\Hotspot_Shield\toolbar\WebServerUrl: “http://HotspotShield.OurToolbar.com/”
HKCU\Software\Hotspot_Shield\toolbar\UsageURL: “http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests”
HKCU\Software\Hotspot_Shield\toolbar\GroupingServerURL: “http://services.conduit.com/”
HKCU\Software\Hotspot_Shield\toolbar\MultiCommunityEnabled: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\GroupingEnabled: “FALSE”
HKCU\Software\Hotspot_Shield\toolbar\DisplayName: “Hotspot Shield”
HKCU\Software\Hotspot_Shield\toolbar\UserID: “UN23802018528945281″
HKCU\Software\Monitored\SHRINK_TOOLBAR: 0×00000000
HKCU\Software\settings\MaxThreadPoolSize: 0×00000014
HKCU\Toolbar\RegisteredSources\CT1561552: 0×00000000

———————————-
Values modified:57
———————————-
(-) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0006\Linkage\UpperBind: ‘PSched’
(+) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0006\Linkage\UpperBind: ‘HssDrv’
(-) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0007\Linkage\RootDevice: ‘{4BFD4DAE-64FD-4847-BC2D-618C792B72CA} NdisWanIp’
(+) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0007\Linkage\RootDevice: ‘{4BFD4DAE-64FD-4847-BC2D-618C792B72CA} {B029DA1F-113C-447A-8E6E-B8B1EF4A44C8} NdisWanIp’
(-) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage\UpperBind: ‘PSched’
(+) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage\UpperBind: ‘HssDrv’
(-) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\RootDevice: ‘{D0012607-0284-4F54-80D9-B6C31329A859} {0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(+) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\RootDevice: ‘{D0012607-0284-4F54-80D9-B6C31329A859} {623118F1-8268-4167-AB5E-E46C86D96E19} {0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(-) HKLM\System\CurrentControlSet\Control\GroupOrderList\Ndis: 0C 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00
(+) HKLM\System\CurrentControlSet\Control\GroupOrderList\Ndis: 0D 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00 0D 00 00 00
(-) HKLM\System\CurrentControlSet\Control\GroupOrderList\PNP_TDI: 07 00 00 00 04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00
(+) HKLM\System\CurrentControlSet\Control\GroupOrderList\PNP_TDI: 08 00 00 00 04 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00
(-) HKLM\System\CurrentControlSet\Control\Network\Config: 00 00 00 /…/ 00 00 00
(+) HKLM\System\CurrentControlSet\Control\Network\Config: 00 00 00 /…/ 00 00 00
(-) HKLM\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions\Packet Scheduler Miniport: ’1 2′
(+) HKLM\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions\Packet Scheduler Miniport: ’1 2 3′
(-) HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sources: ‘WSH WMIAdapter WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS vmtools VBRuntime Userinit Userenv Tlntsvr SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider Microsoft (R) Visual C# 2005 Compiler LoadPerf HelpSvc Folder Redirection File Deployment EventSystem ESENT DrWatson Dot3Svc DiskQuota crypt32 COM+ COM Ci Chkdsk AutoEnrollment Autochk ASP.NET 2.0.50727.0 Application Management Application Hang Application Error .NET Runtime Optimization Service .NET Runtime 2.0 Error Reporting .NET Runtime Application’
(+) HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sources: ‘WSH WMIAdapter WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS vmtools VBRuntime Userinit Userenv Tlntsvr SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSHA MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider Microsoft (R) Visual C# 2005 Compiler LoadPerf HssWd HssSrv HelpSvc Folder Redirection File Deployment EventSystem ESENT DrWatson Dot3Svc DiskQuota crypt32 COM+ COM Ci Chkdsk AutoEnrollment Autochk ASP.NET 2.0.50727.0 Application Management Application Hang Application Error .NET Runtime Optimization Service .NET Runtime 2.0 Error Reporting .NET Runtime Application’
(-) HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage\Bind: ‘\Device\NetbiosSmb \Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage\Bind: ‘\Device\NetbiosSmb \Device\NetBT_Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage\Route: ‘”NetbiosSmb” “NetBT” “Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NetBT” “Tcpip” “NdisWanIp”‘
(+) HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage\Route: ‘”NetbiosSmb” “NetBT” “Tcpip” “{DFF11E9D-C054-40D0-9D9E-83E48A43C788}” “NetBT” “Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NetBT” “Tcpip” “NdisWanIp”‘
(-) HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage\Export: ‘\Device\LanmanServer_NetbiosSmb \Device\LanmanServer_NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\LanmanServer_NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\LanmanServer_NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage\Export: ‘\Device\LanmanServer_NetbiosSmb \Device\LanmanServer_NetBT_Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\LanmanServer_NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\LanmanServer_NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\LanmanServer_NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage\Bind: ‘\Device\NetbiosSmb \Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage\Bind: ‘\Device\NetbiosSmb \Device\NetBT_Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage\Route: ‘”NetbiosSmb” “NetBT” “Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NetBT” “Tcpip” “NdisWanIp”‘
(+) HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage\Route: ‘”NetbiosSmb” “NetBT” “Tcpip” “{DFF11E9D-C054-40D0-9D9E-83E48A43C788}” “NetBT” “Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NetBT” “Tcpip” “NdisWanIp”‘
(-) HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage\Export: ‘\Device\LanmanWorkstation_NetbiosSmb \Device\LanmanWorkstation_NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\LanmanWorkstation_NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\LanmanWorkstation_NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage\Export: ‘\Device\LanmanWorkstation_NetbiosSmb \Device\LanmanWorkstation_NetBT_Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\LanmanWorkstation_NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\LanmanWorkstation_NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\LanmanWorkstation_NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage\Bind: ‘\Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(+) HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage\Bind: ‘\Device\{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(-) HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage\Route: ‘”{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}”‘
(+) HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage\Route: ‘”{DFF11E9D-C054-40D0-9D9E-83E48A43C788}” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}”‘
(-) HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage\Export: ‘\Device\Ndisuio_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(+) HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage\Export: ‘\Device\Ndisuio_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\Ndisuio_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(-) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\LanaMap: 01 00 00 01 00 02
(+) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\LanaMap: 01 03 01 00 00 01 00 02
(-) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\Bind: ‘\Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\Bind: ‘\Device\NetBT_Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\Route: ‘”NetBT” “Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NetBT” “Tcpip” “NdisWanIp”‘
(+) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\Route: ‘”NetBT” “Tcpip” “{DFF11E9D-C054-40D0-9D9E-83E48A43C788}” “NetBT” “Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NetBT” “Tcpip” “NdisWanIp”‘
(-) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\Export: ‘\Device\NetBIOS_NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBIOS_NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBIOS_NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage\Export: ‘\Device\NetBIOS_NetBT_Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\NetBIOS_NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBIOS_NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBIOS_NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\NetBIOS\Parameters\MaxLana: 0×00000002
(+) HKLM\System\CurrentControlSet\Services\NetBIOS\Parameters\MaxLana: 0×00000003
(-) HKLM\System\CurrentControlSet\Services\NetBT\Linkage\Bind: ‘\Device\Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\NetBT\Linkage\Bind: ‘\Device\Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\NetBT\Linkage\Route: ‘”Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “Tcpip” “NdisWanIp”‘
(+) HKLM\System\CurrentControlSet\Services\NetBT\Linkage\Route: ‘”Tcpip” “{DFF11E9D-C054-40D0-9D9E-83E48A43C788}” “Tcpip” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “Tcpip” “NdisWanIp”‘
(-) HKLM\System\CurrentControlSet\Services\NetBT\Linkage\Export: ‘\Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\NetBT\Linkage\Export: ‘\Device\NetBT_Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\NetBT_Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NetBT_Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\NetBT_Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(-) HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage\Bind: ‘\Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(+) HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage\Bind: ‘\Device\{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(-) HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage\Route: ‘”{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}”‘
(+) HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage\Route: ‘”{DFF11E9D-C054-40D0-9D9E-83E48A43C788}” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}”‘
(-) HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage\Export: ‘\Device\RasPppoe_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(+) HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage\Export: ‘\Device\RasPppoe_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\RasPppoe_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
(-) HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind: ‘\Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NdisWanIp’
(+) HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind: ‘\Device\{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\NdisWanIp’
(-) HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Route: ‘”{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NdisWanIp”‘
(+) HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Route: ‘”{DFF11E9D-C054-40D0-9D9E-83E48A43C788}” “{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}” “NdisWanIp”‘
(-) HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Export: ‘\Device\Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
(+) HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Export: ‘\Device\Tcpip_{DFF11E9D-C054-40D0-9D9E-83E48A43C788} \Device\Tcpip_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30} \Device\Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D} \Device\Tcpip_{F50A5713-0098-41AE-8B21-6B40361B3440}’
/…/
(-) HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries: 0x0000000D
(+) HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries: 0x0000000F
(-) HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID: 0x000003FA
(+) HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID: 0×00000402
(-) HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num: 0×00000007
(+) HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num: 0×00000009
/…/
(-) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: “about:blank”
(+) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page: “http://search.conduit.com?SearchSource=10&ctid=CT1561552″
(-) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: “{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
(+) HKCU\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope: “{afdbddaa-5d3f-42ee-b79c-185a7020515b}”
/…/
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{0D6D4F41-2994-4BA0-8FEF-620E43CD2812}\Count\HRZR_PGYFRFFVBA: 04 49 5B 0E 07 00 00 00
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{0D6D4F41-2994-4BA0-8FEF-620E43CD2812}\Count\HRZR_PGYFRFFVBA: F9 AD 5B 0E 08 00 00 00
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0×00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count: 0x0000000A
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 35 00 AC 03
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time: DA 07 0A 00 03 00 1B 00 0A 00 0A 00 0D 00 DB 02
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0×00000009
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Count: 0x0000000A
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 01 00 0B 00 08 00 2B 00 36 00 60 00
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore\Time: DA 07 0A 00 03 00 1B 00 0A 00 0A 00 0E 00 7E 02

———————————-
Files added:127
———————————-
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\bookmarkbackups\bookmarks-2010-10-27.json
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\hotspot_shield.jar
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome.manifest
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitAutoCompleteSearch.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitAutoCompleteSearch.xpt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitToolbar.idl
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitToolbar.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitToolbar.xpt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.xpt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.dll
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.xpt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\default_radio_skin.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\fbAlert.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\install.rdf
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\lib\xpcom.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF\manifest.mf
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF\zigbert.rsa
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF\zigbert.sf
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.gif
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.ico
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.PNG
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.src
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\version.txt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\chat\ChatInfo.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\LanguagePack.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\LocalSettings.txt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\ThirdPartyComponents.xml
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\UserAdditionalComponents.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\GLF1F.tmp.tbHots.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\HssInstaller\HssInstaller.txt
C:\Documents and Settings\All Users\Desktop\Hotspot Shield Launch.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield\Hotspot Shield Control Panel.url
C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield\Hotspot Shield Launch.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield\Uninstall Hotspot Shield.lnk
C:\Program Files\Conduit\Community Alerts\Alert.dll
C:\Program Files\Hotspot Shield\bin\curl-ca-bundle.crt
C:\Program Files\Hotspot Shield\bin\hssinst.dll
C:\Program Files\Hotspot Shield\bin\HssInstaller.exe
C:\Program Files\Hotspot Shield\bin\HssTrayService.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Hotspot Shield\bin\lang\gui-ara.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-bur.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-chi.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-fre.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-ger.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-per.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-rus.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-spa.dll
C:\Program Files\Hotspot Shield\bin\lang\gui-vie.dll
C:\Program Files\Hotspot Shield\bin\libcurl.dll
C:\Program Files\Hotspot Shield\bin\libeay32.dll
C:\Program Files\Hotspot Shield\bin\libidn-11.dll
C:\Program Files\Hotspot Shield\bin\libpkcs11-helper-1.dll
C:\Program Files\Hotspot Shield\bin\libssl32.dll
C:\Program Files\Hotspot Shield\bin\openvpn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Hotspot Shield\bin\tapinstall.exe
C:\Program Files\Hotspot Shield\config\config.hvpn
C:\Program Files\Hotspot Shield\config\hssst.cfg
C:\Program Files\Hotspot Shield\config\sd-info-direct.cfg
C:\Program Files\Hotspot Shield\config\sd-info-main.cfg
C:\Program Files\Hotspot Shield\config\sdcon.cfg
C:\Program Files\Hotspot Shield\config\upd_dat.cfg
C:\Program Files\Hotspot Shield\driver\OemWin2k.inf
C:\Program Files\Hotspot Shield\driver\taphss.cat
C:\Program Files\Hotspot Shield\driver\taphss.sys
C:\Program Files\Hotspot Shield\hss.ico
C:\Program Files\Hotspot Shield\HssIE\config.txt
C:\Program Files\Hotspot Shield\HssIE\config_srch.txt
C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
C:\Program Files\Hotspot Shield\hsswd\default\default.cfg
C:\Program Files\Hotspot Shield\HssWPR\hssdrv.cat
C:\Program Files\Hotspot Shield\HssWPR\hssdrv.sys
C:\Program Files\Hotspot Shield\HssWPR\hssdrv_m.cat
C:\Program Files\Hotspot Shield\HssWPR\hssinst.dll
C:\Program Files\Hotspot Shield\HssWPR\HssInstaller.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\HssWPR\nethss.inf
C:\Program Files\Hotspot Shield\HssWPR\nethss_m.inf
C:\Program Files\Hotspot Shield\HssWPR\wpr.conf
C:\Program Files\Hotspot Shield\htdocs\check.js
C:\Program Files\Hotspot Shield\htdocs\conect.png
C:\Program Files\Hotspot Shield\htdocs\connect_original.png
C:\Program Files\Hotspot Shield\htdocs\connect_stay.png
C:\Program Files\Hotspot Shield\htdocs\disconnect.html
C:\Program Files\Hotspot Shield\htdocs\disconnect_original.png
C:\Program Files\Hotspot Shield\htdocs\greenico.png
C:\Program Files\Hotspot Shield\htdocs\HSS_logo.png
C:\Program Files\Hotspot Shield\htdocs\lang.js
C:\Program Files\Hotspot Shield\htdocs\logo.png
C:\Program Files\Hotspot Shield\htdocs\message.html
C:\Program Files\Hotspot Shield\htdocs\nsidefs.js
C:\Program Files\Hotspot Shield\htdocs\oac.html
C:\Program Files\Hotspot Shield\htdocs\oac.js
C:\Program Files\Hotspot Shield\htdocs\redico.png
C:\Program Files\Hotspot Shield\htdocs\restart.html
C:\Program Files\Hotspot Shield\htdocs\turnoff.png
C:\Program Files\Hotspot Shield\htdocs\turnon.png
C:\Program Files\Hotspot Shield\license.txt
C:\Program Files\Hotspot Shield\log\config.log
C:\Program Files\Hotspot Shield\log\oas.log
C:\Program Files\Hotspot Shield\Uninstall.exe
C:\Program Files\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe
C:\Program Files\Hotspot_Shield\INSTALL.LOG
C:\Program Files\Hotspot_Shield\tbHots.dll
C:\Program Files\Hotspot_Shield\toolbar.cfg
C:\Program Files\Hotspot_Shield\UNWISE.EXE
C:\WINDOWS\inf\oem10.inf
C:\WINDOWS\inf\oem10.PNF
C:\WINDOWS\inf\oem8.inf
C:\WINDOWS\inf\oem8.PNF
C:\WINDOWS\inf\oem9.inf
C:\WINDOWS\inf\oem9.PNF
C:\WINDOWS\system32\drivers\HssDrv.sys
C:\WINDOWS\system32\drivers\taphss.sys
C:\Hotspot Shield\hssstate.xml
C:\Hotspot Shield\hsswd\config\saved_ai.cfg
C:\Hotspot Shield\hsswd\hsswd.cfg

———————————-
Files [attributes?] modified:25
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\cert8.db
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\compreg.dat
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\cookies.sqlite
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions.cache
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions.ini
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions.rdf
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\key3.db
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\localstore.rdf
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\mimeTypes.rdf
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\places.sqlite
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\pluginreg.dat
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\prefs.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\urlclassifierkey3.txt
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\xpti.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\Cache\_CACHE_001_
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\Cache\_CACHE_002_
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\Cache\_CACHE_MAP_
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\urlclassifier3.sqlite
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\XPC.mfl
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\XUL.mfl
C:\WINDOWS\inf\INFCACHE.1
C:\WINDOWS\setupapi.log
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp

———————————-
Folders added:41
———————————-
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\lib
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\chat
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\radio
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50icvyvs.default\CT1561552\radio\Skins
C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts
C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks
C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Log
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hotspot_Shield
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hotspot_Shield\Logs
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hotspot_Shield\MyStuffComponents
C:\Documents and Settings\Administrator\Local Settings\Temp\HssInstaller
C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield
C:\Program Files\Conduit
C:\Program Files\Conduit\Community Alerts
C:\Program Files\Hotspot Shield
C:\Program Files\Hotspot Shield\bin
C:\Program Files\Hotspot Shield\bin\lang
C:\Program Files\Hotspot Shield\config
C:\Program Files\Hotspot Shield\config\hss_data
C:\Program Files\Hotspot Shield\driver
C:\Program Files\Hotspot Shield\HssIE
C:\Program Files\Hotspot Shield\hsswd
C:\Program Files\Hotspot Shield\hsswd\config
C:\Program Files\Hotspot Shield\hsswd\default
C:\Program Files\Hotspot Shield\HssWPR
C:\Program Files\Hotspot Shield\htdocs
C:\Program Files\Hotspot Shield\log
C:\Program Files\Hotspot Shield\log\verify
C:\Program Files\Hotspot Shield\update
C:\Program Files\Hotspot_Shield
C:\Hotspot Shield
C:\Hotspot Shield\hsswd
C:\Hotspot Shield\hsswd\config

———————————-
Total changes:875
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Comments

2 Comments on Removed: C:\Program Files\Hotspot_Shield\tbHots.dll (adware HotSpotShield)

  1. bob on Thu, 7th Jun 2012 5:36 am
  2. Is this really a problem??

    The Hotspot program is of course FREE to run so it runs ads to pay for itself.I have used it for awhile and find no problems running it,so what is the worry about here?

  3. NightWatcher on Thu, 7th Jun 2012 10:50 am
  4. This file is probably legitimate, but there is other information: https://www.virustotal.com/file/83c2cfaa6cbcd289a…

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.