Jump to content

Infected with Advanced Virus Remover infection HELP NEEDED


Recommended Posts

  • Replies 119
  • Created
  • Last Reply

Top Posters In This Topic

Here it the output:

SteelWerX Extended Configuration Access Control Lists

Written by Bobbi Flekman 2006 ©

*******************************************************************************

File: c:\Program Files\Windows Defender\MsMpEng.exe

Permissions:

*******************************************************************************

Username

Type Permissions Inheritance

*******************************************************************************

FAMILY01\Administrators

Allowed Full Control This Folder/File Only

NT AUTHORITY\SYSTEM

Allowed Full Control This Folder/File Only

FAMILY01\Users

Allowed Read and Execute This Folder/File Only

FAMILY01\Power Users

Allowed Read and Execute This Folder/File Only

NT AUTHORITY\SYSTEM

Allowed Full Control This Folder/File Only (Inherited)

FAMILY01\Administrators

Allowed Full Control This Folder/File Only (Inherited)

No Auditing set

Owner: Administrators (FAMILY01\Administrators)

Link to post
Share on other sites

Hi - I just have the MsMpEng.exe file in the folder.

What happened was, when I had first signs of the virus, I tried to download Microsoft Defender. It seemed to get hung up in completing as the virus must have stopped it. So I never fully had it (functionally) due to the virus taking over.

Hope that helps.

Link to post
Share on other sites

I was able to uninstall Windows Defender (versus trying to update it - which would not complete). I then was installing it and got to a point where it gave me this message: "The installer has insufficient privleges to modify the file C:\Program Files\Windows Defender\MsMpEng.exe" At that point I cannot Continue and must Cancel.

The permissions issued is cleared. Please retry installing it.

Link to post
Share on other sites

Awesome !!! It installed and is actually running. I appreciate it.

Unfortunately I need to go, but will be back at 5:30 pm EST.

I should not run into the "privileges" issue again for anything based on these scripts, corrent? Or might I experience this type of issue in trying to install something else. The scripts seemed to be aimed at what the virus had tried to stop and just was wondering if there are other steps to do regarding anything else that the virus took permissions from.

Thanks to both of you for your help this morning....I'll be back at 5:30 to continue on.

Link to post
Share on other sites

Cheers sUBs :angry:

Right, update check ...How are things running now ?

Also, I have a question about scanning an 1) an external hard drive, and 2) a thumb drive that were both installed at the time of the virus which I immediately removed as soon as I knew I had a virus.

Let's check those external drives ...

Step 1

USBNoRisk

Please download USBNoRisk to your Desktop and run it by double-clicking the program's icon

wait a couple of seconds for initial scan to be done

connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds

if there are more USB storage devices to scan, please take a note about the order in which these were connected

after all the devices are scanned, choose "Save log" option from right-click menu on Monitor tab. That will open the log in Notepad. Please copy/paste the log to forum

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

----------------------------------------------------------------------------------------

Step 2

Please ensure that any USB/Flash/External drives are connected during the next scan.

Kaspersky Online Scanner .

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal

NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Read the Requirements and limitations before you click Accept.

Once the database has downloaded, click My Computer in the left pane

Now go and put the kettle on !

When the scan has completed, click Save Report As...

Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)

Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Link to post
Share on other sites

Hi - I ran step 1 against 1) a small thumb drive, then 2) a large external hard drive, both of which I think may have been involved when the virus hit. I am breaking the log up:

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 8/31/2009 5:45:18 PM

Searching for connected USB Mass storage...

----------------------------------------

========================================

Searching for other storage...

----------------------------------------

C: {1557c642-6c14-11db-aa54-806d6172696f}

D: {1557c643-6c14-11db-aa54-806d6172696f}

========================================

Scanning fixed storage...

----------------------------------------

No blocked files found on C:

No Autorun.inf files found on C:

No mountpoint found for C:

No mountpoint found for 1557c642-6c14-11db-aa54-806d6172696f

No Desktop.ini files found on C:

----------------------------------------

No blocked files found on D:

No Autorun.inf files found on D:

No mountpoint found for D:

No mountpoint found for 1557c643-6c14-11db-aa54-806d6172696f

----------------------------------------

Desktop.ini found at D:\cmdcons\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

Desktop.ini found at D:\MiniNT\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

Desktop.ini found at D:\PRELOAD\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

Desktop.ini found at D:\I386\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

Desktop.ini found at D:\HP\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

Desktop.ini found at D:\TOOLS\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

Desktop.ini found at D:\RECOVERY\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

Desktop.ini found at D:\Recycled\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={645FF040-5081-101B-9F08-00AA002F954E}

----------------------------------------

HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915

HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748

HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964

HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31

HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31

HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32

HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll

HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915

HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748

HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964

HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31

HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31

HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32

HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll

----------------------------------------

Desktop.ini found at D:\ contains interesting CLSID string

----------------------------------------

[.ShellClassInfo]

CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[shellvRTF]

RTFPath="protect.ed"

----------------------------------------

HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll

----------------------------------------

autorun.inf found in Qoobox

----------------------------------------

Content of C:\QooBox\Quarantine\C\WINDOWS\system32\autorun.inf.vir

----------------------------------------

[autorun]

open=setup.exe

icon=setup.exe,0

[Version]

CDGuid={D64BC2CF-0F12-47d7-B412-B4F3FD684253}

SoftwareGuid=

InfrastructureDatabaseList=hpomdl21.dat

LanguagesInthisCD=enu,ell,plk,rus,trk,chs,cht,csy,dan,deu,esn,fin,fra,hun,ita,jp

n,kor,nld,nob,ptb,sve,heb,ara

DefaultLanguageInThisRelease=enu

DIVISION=hpo

ICE_REV=21

FIRST_IO_REVISION=09

LAST_IO_REVISION=09

VCD_FILEVER=0

Manufacturer=HP

RegistryManufacturer=Hewlett-Packard

ProductSeries=Photosmart All-In-One Series

Pre-Install=%ProgramFilesx86%%Manufacturer%

SilentInstall=No

InvalidPathCharacters=#$&,%

ConnectivityPlugin=%sourcepath%setup\hpzdui%ICE_SUFFIX%.exe

PreloadICEEngineToGUIDFolder=%sourcepath%hpzprl01.dat

PreloadRecoveryMechanism=%sourcepath%hpzprl02.dat

PreloadRestingPad=%sourcepath%hpzprl03.dat

UI_03=No

UI_20=Yes

UI_21=No

UI_25=No

UI_30=Yes

UI_50=No

UI_80=swreinstall&NoDeviceConnected&NoDeviceDiscovery

UI_250=Yes

UI_260=Yes

UI_40=Yes

UI_60=Yes

UI_70=Yes

UI_110=Yes

UI_100=Yes

RegistryRebootLocation=DigitalImaging\Install

autorunid=PS_AIO_02_Network_UOW_DVD

ConnectivityStopAndRestart=%InstallMainBin%hpqtra08.exe

driverver=09/06/2007, 090.000.261.000

first_ca_revision=0

CPENetworkSupport=Yes

IEFIX=NoFix

last_ca_revision=0

log=1

maxinstalldirlength=64

maxinstalltime=35

maxpathforcd=100

mininstalltime=15

networkinstall=%sourcepath%setup\hpznui%ICE_SUFFIX%.exe

preloadiceexes=hpoprl10.dat

preloadlpmsis=hpoprl08.dat

preloadproductcontext=hpoprl09.dat

preloadproductmsis=hpoprl07.dat

preloadreadme=hpoprl06.dat

productfinishevent=somestring

provider=HP

setupfinishevent=somestring

shortcut=Yes

shortcutcheckbox=Yes

startup=Yes

UI_261=TimeoutIfSWFirst

DirectConnectSuccessTimeout=5

usingdevicediscovery=Yes

DeviceDiscoveryBucket=DeviceManagement_AIO

%DeviceManagementGUID%={3D47716D-05A9-4538-982E-5D83873A16FD}

[strings]

_TargetDatFile=autorun,scr

%Preload%=%InstallDirx86%Digital Imaging\%CDGuid%\

%ICETemp%=%ProgramFilesx86%%ICETempInPF%\

%ICETempInPF%=%Manufacturer%\Temp\%CDGuid%

%Recovery%=%ICETemp%

%RecoveryInPF%=%ICETempInPF%

%Preloadx86%=%InstallDirx86%Digital Imaging\%CDGuid%\

%InstallMain%=%InstallDirx86%Digital Imaging\

%ProductScrubberDatfile%=hposcr21.dat

%autorunlocation%=.

%setupName%=hpzsetup.exe

%setupStubName%=hpzstub.exe

%MSIRollbackDatFile%=hpzmsirb.dat

%DeviceInstanceRollbackFile%=hpzdirb.dat

%CUEVersion%=9.0

%CUEDivision%=hpq

%WebPrintVersion%=2.0

%DTSSVersion%=8.0

%SoftwareUpdateVersion%=8.0

%PhotosmartEssentialVersion%=2.01

%bounty_id%=D10

%DeviceManagementGUID%={5DD44B11-5236-4e00-BBCC-F30D94AA8741}

%DeviceManagement_ICE_REV%=01

%DeviceManagementDisplayName%=HP Imaging Device Functions

%DeviceManagementUninstallKey%=HP Imaging Device Functions

%eSupportGUID%={EFD54B7D-744F-4730-8F9C-AAF80E6028BA}

%eSupport_ICE_REV%=05

%eSupportDisplayName%=HP Solution Center

%eSupportUninstallKey%=HP Solution Center & Imaging Support Tools

%CustomerExperienceGUID%={BBE9EEF0-BBAC-4871-90DC-4CE0EC02D00B}

%CustomerExperience_ICE_REV%=06

%CustomerExperienceDisplayName%=HP Customer Participation Program

%CustomerExperienceUninstallKey%=HPExtendedCapabilities

%SoftwareUpdate_ICE_REV%=07

%SoftwareUpdateDisplayName%=HP Update

%SoftwareUpdateUninstallKey%={AB40272D-92AB-4F30-B36B-22EDE16F8FE5}

%OCRGUID%={E379D32C-7B7A-48ad-9166-732A48B5A435}

%OCR_ICE_REV%=11

%OCRDisplayName%=HP OCR Software

%OCRUninstallKey%=HPOCR

%WebPrintGUID%={2D1F2124-29E6-460A-B140-E9DF3BC594CE}

%WebPrint_ICE_REV%=15

%WebPrintDisplayName%=HP Smart Web Printing

%WebPrintUninstallKey%={820F9BE6-0998-4187-BE0C-8192BDDC2FEF}

%DTSSGUID%={3D74A00B-BBFC-4834-A728-0633F0D91840}

%DTSS_ICE_REV%=16

%DTSSDisplayName%=Shop for HP Supplies

%DTSSUninstallKey%={7902E313-FF0F-4493-ACB1-A8147B78DCD0}

%DTSSUpgradeCode%={FE9B929E-3BAF-40B1-BFFC-3A078ABAA0C8}

%PhotosmartEssentialGUID%={7FB920E4-5D4E-4e0f-BB7D-C178E5A11A51}

%PhotosmartEssential_ICE_REV%=13

%PhotosmartEssentialDisplayName%=HP Photosmart Essential %PhotosmartEssentialVersion%

%PhotosmartEssentialUninstallKey%=HP Photosmart Essential

%PhotosmartEssentialBASEGUID%={E4E30953-546D-477b-9C50-5B3E07A0A58E}

%PhotosmartEssentialTATTOOGUID%={EAF69D39-7A09-434e-B743-C2CDA5800D75}

%PhotosmartEssentialNOPODGUID%={3C2E7DE1-4FE5-475e-89D7-BA64C1C7B059}

%pcihelp%=%sourcepath%Setup\ps_aio_02_help\

%pcipath%=%InstallDirx86%Digital Imaging\%CDGuid%\Product\

%pcitour%=%sourcepath%Setup\Tour\

%prlhelp%=%InstallDirx86%Digital Imaging\%CDGuid%\Setup\ps_aio_02_help\

%prltour%=%InstallDirx86%Digital Imaging\%CDGuid%\Setup\Tour\

%InstallMainBin%=%InstallDirx86%Digital Imaging\bin\

[MSI]

InstallDir=%ProgramFilesx86%%Manufacturer%\

_TargetDatFile=autorun,scr

Launchbase=msiexec.exe

commandline=ICE_SUFFIX=%ICE_SUFFIX%

[sUI.OPTIN]

Qualifier=%LangQualifier%

LaunchBase=%sourcepath%setup\

1=hpzgat01.exe -on -gate MARS -f %datfile%

[sUI.OPTOUT]

Qualifier=%LangQualifier%

LaunchBase=%sourcepath%setup\

1=hpzgat01.exe -off -gate MARS -f %datfile%

[sUI]

Opt-In_Default=ON

[LanguageMap]

_TargetDatFile=autorun,scr

0x0409=enu

0x0404=cht

0x0804=chs

0x0405=csy

0x0406=dan

0x0407=deu

0x0408=ell

0x040a=esn

0x040b=fin

0x040c=fra

0x040e=hun

0x0410=ita

0x0411=jpn

0x0412=kor

0x0413=nld

0x0414=nob

0x0415=plk

0x0416=ptb

0x0419=rus

0x041d=sve

0x041f=trk

0x0c04=cht

0x1004=chs

0x1404=cht

0x0813=nld

0x0809=enu

0x0c09=enu

0x1009=enu

0x1409=enu

0x1809=enu

0x1c09=enu

0x2009=enu

0x2409=enu

0x2809=enu

0x2c09=enu

0x080c=fra

0x0c0c=fra

0x100c=fra

0x140c=fra

0x180c=fra

0x0456=esn

0x0807=deu

0x0c07=deu

0x1007=deu

0x1407=deu

0x0810=ita

0x0812=kor

0x0c0a=esn

0x080a=esn

0x100a=esn

0x140a=esn

0x180a=esn

0x1c0a=esn

0x200a=esn

0x240a=esn

0x280a=esn

0x2c0a=esn

0x300a=esn

0x340a=esn

0x380a=esn

0x3c0a=esn

0x400a=esn

0x440a=esn

0x480a=esn

0x4c0a=esn

0x500a=esn

0x042d=esn

0x0403=esn

0x081d=sve

0x0422=rus

0x0816=ptb

0x040d=heb

0x041e=xxx

0x0401=ara

0x0801=ara

0x0c01=ara

0x1001=ara

0x1401=ara

0x1801=ara

0x1c01=ara

0x2001=ara

0x2401=ara

0x2801=ara

0x2c01=ara

0x3001=ara

0x3401=ara

0x3801=ara

0x3c01=ara

0x4001=ara

[TwoLetterLanguageMap]

_TargetDatFile=autorun,scr

ara=ar

cht=zh

chs=zh

csy=cs

dan=da

deu=de

ell=el

enu=en

esn=es

fin=fi

fra=fr

heb=he

hun=hu

ita=it

jpn=ja

kor=ko

nld=nl

nob=no

plk=pl

ptb=pt

rus=ru

sve=sv

trk=tr

[PreInstalls]

1=Kahuna1

2=Kahuna2

3=Kahuna3

4=Kahuna4

5=Kahuna5

6=Kahuna6

7=Kahuna7

[PreInstalls.Kahuna1]

CDGUID={5D22B85D-6503-4c4d-8BE1-D5CD9E0F5181}

1={7AB63E68-A8E2-49EF-A575-CCEC39F66312}

2={45B6180B-DCAB-4093-8EE8-6164457517F0}

[PreInstalls.Kahuna2]

CDGUID={5D32B85D-6503-4c4d-8BE1-D5CD9E0F5181}

1={45B6180B-DCAB-4093-8EE8-6164457517F0}

2={19E1E220-E757-43bd-AC1A-EC095CB8A667}

3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}

[PreInstalls.Kahuna3]

CDGUID={C6C44651-7C66-4b11-92E8-17565D3D22DD}

1={45B6180B-DCAB-4093-8EE8-6164457517F0}

2={15B9DC72-73F9-4d99-9E28-848D66DA8D99}

3={F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}

4={0FABD3D7-3036-4e78-B29D-58957ADB0A12}

[PreInstalls.Kahuna4]

CDGUID={5E1494D4-3562-4FFB-B35C-600F80F6934C}

1={45B6180B-DCAB-4093-8EE8-6164457517F0}

2={15B9DC72-73F9-4d99-9E28-848D66DA8D99}

3={A1062847-0846-427A-92A1-BB8251A91E91}

[PreInstalls.Kahuna5]

CDGUID={0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}

1={A1062847-0846-427A-92A1-BB8251A91E91}

2={4C04DF1B-6A39-4299-9DD1-1FA60000266E}

3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D}

[PreInstalls.Kahuna6]

CDGUID={D0420D64-8D33-4374-A2B2-9225C7925CA6}

1={A1062847-0846-427A-92A1-BB8251A91E91}

2={4C04DF1B-6A39-4299-9DD1-1FA60000266E}

3={AAC4FC36-8F89-4587-8DD3-EBC57C83374D}

[PreInstalls.Kahuna7]

CDGUID={32498B7B-E1F3-4ad5-A23B-F26414E94BE0}

1={342C7C88-D335-4bc2-8CF1-281857629CE2}

2={ABA2B37F-AB88-486e-870A-52454A23FEE0}

3={BA2D9411-DBB4-43e4-9421-780413650A67}

[systemRequirements]

AdminRightRequired=1

RunIfFailureAsynch=

RunIfFailureSynch=

RunIfFailureSynchTimeout=

RunIfWarningAsynch=

RunIfWarningSynch=

RunIfWarningSynchTimeout=

checkspooler=No

installspace=916

maxos=

mincolors=16

mincputext=Pentium II, K6, Transmeta 5400

mindisk=372

mindisplay=800x600

minie=6.00.2600.0000

minmhz=233

minram=56

minsysdisk=250

oslist=500,501,501_64,600,600_64

reccolors=16

reccputext=Pentium II, K6, Transmeta 5400

recdisk=372

recdisplay=800x600

recie=6.00.2600.0000

recmhz=233

recram=56

recsysdisk=250

sectionlist=Buckets

warnproducttypelist=3

blockproducttypelist=3

[systemRequirements.600]

MinBuildNumber=6000

RecBuildNumber=6000

checkspooler=No

installspace=916

maxos=

mincolors=16

mincputext=Pentium II, K6, Transmeta 5400

mindisk=930

mindisplay=800x600

minie=6.00.2600.0000

minmhz=233

minram=56

minsysdisk=160

oslist=500,501,501_64,600,600_64

reccolors=16

reccputext=Pentium II, K6, Transmeta 5400

recdisk=930

recdisplay=800x600

recie=6.00.2600.0000

recmhz=233

recram=56

recsysdisk=160

sectionlist=Buckets

warnproducttypelist=3

blockproducttypelist=3

[systemRequirements.Min]

SysReqPlugIn=%sourcepath%setup\hpzchk01.exe

[OSBlock.400]

launchbase=Setup\

1=hpzchk01.exe

[OSBlock.410]

launchbase=Setup\

1=hpzchk01.exe

[OSBlock.490]

launchbase=Setup\

1=hpzchk01.exe

[RunAs]

launchbase=Setup\

Qualifier=%OS%

[RunAs.500]

launchbase=Setup\

1=hpzchk01.exe

[RunAs.501]

launchbase=Setup\

1=hpzchk01.exe

[RunAs.501_64]

launchbase=Setup\

1=hpzchk01.exe

[Run1]

launchbase=%sourcepath%setup\

1=hpzpnp%ICE_SUFFIX%.exe

2=hpzpsc01.exe -OSUP

3=hpzrein01.exe

4=hpzwup01.exe

5=hpzshl%ICE_SUFFIX%.exe -m WebPrintShield

6=hpzshl%ICE_SUFFIX%.exe -m DelayedReboot

qualifier=%os%

[Run2]

launchbase=%sourcepath%setup\

1=hpzopt01.exe

2=hpqbhp01.exe

3=hpzpsc01.exe -list ProductReleases -CPE

4=hpzsui01.exe

5=hpzshl%ICE_SUFFIX%.exe -m Printer,ICEPreShield,HPSecurity,CompositeDev,MassStorage,CloseManagerofTrayApp

6=[Run.SetRecovery]

qualifier=%os%

[Run3]

launchbase=%sourcepath%Setup\

1=[PatchesAvailable]

2=hpzprl%ICE_SUFFIX%.exe -m PreloadICEEngineToGUIDFolder

3=hpzprl%ICE_SUFFIX%.exe -m PreloadICEExes

4=[DPInstRunXML]

5=[dot4wrp]

6=[Run.stepbystep]

7=hpznop01.exe -PostRegisteredMessage WM_START_BITMAP_TIMER

8=hpzcdl01.exe -storesourcepath

9=[bucketsAvailable]

10=[Run.easyinstall]

11=hpzfwx01.exe -m postinstallfirewallexceptionlist

12=[Run.CommitFull]

qualifier=%os%

[Run.StepByStep]

1=hpzpnp%ICE_SUFFIX%.exe -clean -gateoncmdline easyinstall -runifoff

2=hpzdui%ICE_SUFFIX%.exe -gateoncmdline easyinstall -runifoff

3=hpzpnp%ICE_SUFFIX%.exe -clean -gateoncmdline easyinstall

Link to post
Share on other sites

part 2:

Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}

Value=UpperFilter

Data=hpusbfd

Type=MULTI_SZ

ReplaceWith=*

BlockIfFail=Yes

[shield.Roxio.500]

IssueType=File

Manufacturer=Roxio

MaxVersion=0x0002000000000046

MinVersion=0x0002000000000046

Action=STOP

Condition=EXIST

DisplayName=Easy CD Creator 5

BlockIfFail=Yes

FileName=%system%drivers\PrtSeqRd.sys

SpecialText=Shield.Roxio.Text

[shield.Roxio.501]

IssueType=File

Manufacturer=Roxio

MaxVersion=0x0002000000000046

MinVersion=0x0002000000000046

Action=STOP

Condition=EXIST

DisplayName=Easy CD Creator 5

FileName=%system%drivers\PrtSeqRd.sys

BlockIfFail=Yes

SpecialText=Shield.Roxio.Text

[shield.Roxio.501_64]

IssueType=File

Manufacturer=Roxio

MaxVersion=0x0002000000000046

MinVersion=0x0002000000000046

Action=STOP

Condition=EXIST

DisplayName=Easy CD Creator 5

FileName=%system%drivers\PrtSeqRd.sys

BlockIfFail=Yes

SpecialText=Shield.Roxio.Text

[shield.Roxio.600]

IssueType=File

Manufacturer=Roxio

MaxVersion=0x0002000000000046

MinVersion=0x0002000000000046

Action=STOP

Condition=EXIST

DisplayName=Easy CD Creator 5

FileName=%system%drivers\PrtSeqRd.sys

BlockIfFail=Yes

SpecialText=Shield.Roxio.Text

[shield.Roxio.600_64]

IssueType=File

Manufacturer=Roxio

MaxVersion=0x0002000000000046

MinVersion=0x0002000000000046

Action=STOP

Condition=EXIST

DisplayName=Easy CD Creator 5

FileName=%system%drivers\PrtSeqRd.sys

BlockIfFail=Yes

SpecialText=Shield.Roxio.Text

[shield.Firewalls]

1=Smc

2=Zapro

3=Ccapp

4=BlackIce

5=MpfAgent

6=Ca

7=ccEvtMgr

8=SndSrvc

9=ccProxy

10=ccPwdSvc

11=ccSetMgr

12=Zlclient

13=Pavfires

[shield.Smc.500]

IssueType=Service

ServiceName=SmcService

DisplayName=Sygate Security Agent: Firewall

Manufacturer=Sygate Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Smc.501]

IssueType=Service

ServiceName=SmcService

DisplayName=Sygate Security Agent: Firewall

Manufacturer=Sygate Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Smc.501_64]

IssueType=Service

ServiceName=SmcService

DisplayName=Sygate Security Agent: Firewall

Manufacturer=Sygate Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Smc.600]

IssueType=Service

ServiceName=SmcService

DisplayName=Sygate Security Agent: Firewall

Manufacturer=Sygate Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Smc.600_64]

IssueType=Service

ServiceName=SmcService

DisplayName=Sygate Security Agent: Firewall

Manufacturer=Sygate Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Zapro.500]

IssueType=Service

ServiceName=vsmon

DisplayName=Zone Alarm TrueVector Internet Monitor

Manufacturer=Broderbund/Zone Labs,LLC

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Zapro.501]

IssueType=Service

ServiceName=vsmon

DisplayName=Zone Alarm TrueVector Internet Monitor

Manufacturer=Broderbund/Zone Labs,LLC

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Zapro.501_64]

IssueType=Service

ServiceName=vsmon

DisplayName=Zone Alarm TrueVector Internet Monitor

Manufacturer=Broderbund/Zone Labs,LLC

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Zapro.600]

IssueType=Service

ServiceName=vsmon

DisplayName=Zone Alarm TrueVector Internet Monitor

Manufacturer=Broderbund/Zone Labs,LLC

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Zapro.600_64]

IssueType=Service

ServiceName=vsmon

DisplayName=Zone Alarm TrueVector Internet Monitor

Manufacturer=Broderbund/Zone Labs,LLC

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Ccapp.500]

IssueType=Service

ServiceName=Symantec Core LC

DisplayName=Symantec Core LC: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Ccapp.501]

IssueType=Service

ServiceName=Symantec Core LC

DisplayName=Symantec Core LC: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Ccapp.501_64]

IssueType=Service

ServiceName=Symantec Core LC

DisplayName=Symantec Core LC: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Ccapp.600]

IssueType=Service

ServiceName=Symantec Core LC

DisplayName=Symantec Core LC: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Ccapp.600_64]

IssueType=Service

ServiceName=Symantec Core LC

DisplayName=Symantec Core LC: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.BlackIce.500]

IssueType=Service

ServiceName=BlackICE

DisplayName=BlackICE: Firewall

Manufacturer=Internet Security Systems

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.BlackIce.501]

IssueType=Service

ServiceName=BlackICE

DisplayName=BlackICE: Firewall

Manufacturer=Internet Security Systems

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.BlackIce.501_64]

IssueType=Service

ServiceName=BlackICE

DisplayName=BlackICE: Firewall

Manufacturer=Internet Security Systems

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.BlackIce.600]

IssueType=Service

ServiceName=BlackICE

DisplayName=BlackICE: Firewall

Manufacturer=Internet Security Systems

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.BlackIce.600_64]

IssueType=Service

ServiceName=BlackICE

DisplayName=BlackICE: Firewall

Manufacturer=Internet Security Systems

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.MpfAgent.500]

IssueType=Service

ServiceName=MpfService

DisplayName=McAfee Personal Firewall Service

Manufacturer=McAfee Security

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.MpfAgent.501]

IssueType=Service

ServiceName=MpfService

DisplayName=McAfee Personal Firewall Service

Manufacturer=McAfee Security

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.MpfAgent.501_64]

IssueType=Service

ServiceName=MpfService

DisplayName=McAfee Personal Firewall Service

Manufacturer=McAfee Security

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.MpfAgent.600]

IssueType=Service

ServiceName=MpfService

DisplayName=McAfee Personal Firewall Service

Manufacturer=McAfee Security

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.MpfAgent.600_64]

IssueType=Service

ServiceName=MpfService

DisplayName=McAfee Personal Firewall Service

Manufacturer=McAfee Security

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccEvtMgr.500]

IssueType=Service

ServiceName=ccEvtMgr

DisplayName=Symantec Event Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccEvtMgr.501]

IssueType=Service

ServiceName=ccEvtMgr

DisplayName=Symantec Event Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccEvtMgr.501_64]

IssueType=Service

ServiceName=ccEvtMgr

DisplayName=Symantec Event Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccEvtMgr.600]

IssueType=Service

ServiceName=ccEvtMgr

DisplayName=Symantec Event Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccEvtMgr.600_64]

IssueType=Service

ServiceName=ccEvtMgr

DisplayName=Symantec Event Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.SndSrvc.500]

IssueType=Service

ServiceName=SndSrvc

DisplayName=Symantec Network Drivers Service : Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.SndSrvc.501]

IssueType=Service

ServiceName=SndSrvc

DisplayName=Symantec Network Drivers Service : Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.SndSrvc.501_64]

IssueType=Service

ServiceName=SndSrvc

DisplayName=Symantec Network Drivers Service : Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.SndSrvc.600]

IssueType=Service

ServiceName=SndSrvc

DisplayName=Symantec Network Drivers Service : Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.SndSrvc.600_64]

IssueType=Service

ServiceName=SndSrvc

DisplayName=Symantec Network Drivers Service : Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccProxy.500]

IssueType=Service

ServiceName=ccProxy

DisplayName=Symantec Network Proxy: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccProxy.501]

IssueType=Service

ServiceName=ccProxy

DisplayName=Symantec Network Proxy: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccProxy.501_64]

IssueType=Service

ServiceName=ccProxy

DisplayName=Symantec Network Proxy: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccProxy.600]

IssueType=Service

ServiceName=ccProxy

DisplayName=Symantec Network Proxy: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccProxy.600_64]

IssueType=Service

ServiceName=ccProxy

DisplayName=Symantec Network Proxy: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccPwdSvc.500]

IssueType=Service

ServiceName=ccPwdSvc

DisplayName=Symantec Password Validation: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccPwdSvc.501]

IssueType=Service

ServiceName=ccPwdSvc

DisplayName=Symantec Password Validation: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccPwdSvc.501_64]

IssueType=Service

ServiceName=ccPwdSvc

DisplayName=Symantec Password Validation: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccPwdSvc.600]

IssueType=Service

ServiceName=ccPwdSvc

DisplayName=Symantec Password Validation: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccPwdSvc.600_64]

IssueType=Service

ServiceName=ccPwdSvc

DisplayName=Symantec Password Validation: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccSetMgr.500]

IssueType=Service

ServiceName=ccSetMgr

DisplayName=Symantec Settings Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccSetMgr.501]

IssueType=Service

ServiceName=ccSetMgr

DisplayName=Symantec Settings Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccSetMgr.501_64]

IssueType=Service

ServiceName=ccSetMgr

DisplayName=Symantec Settings Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccSetMgr.600]

IssueType=Service

ServiceName=ccSetMgr

DisplayName=Symantec Settings Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.ccSetMgr.600_64]

IssueType=Service

ServiceName=ccSetMgr

DisplayName=Symantec Settings Manager: Firewall

Manufacturer=Symantec

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Pavfires.500]

IssueType=Service

ServiceName=PAVFIRES

DisplayName=Panda Firewall Service

Manufacturer=TruPrevent Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Pavfires.501]

IssueType=Service

ServiceName=PAVFIRES

DisplayName=Panda Firewall Service

Manufacturer=TruPrevent Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.Pavfires.600]

IssueType=Service

ServiceName=PAVFIRES

DisplayName=Panda Firewall Service

Manufacturer=TruPrevent Technologies

Action=NoFix

Condition=Running

SpecialText=Shield.Firewalls.Text

[shield.HPSecurity]

1=HP RegKey

2=Hewlett-Packard RegKey

3=Hewlett Packard RegKey

4=LEAD Technologies RegKey

5=WoW64 HP RegKey

6=WoW64 Hewlett-Packard RegKey

7=WoW64 Hewlett Packard RegKey

8=WoW64 LEAD Technologies RegKey

[shield.HP RegKey.500]

IssueType=RegKey

Manufacturer=HP

DisplayName=HP

Key=HKEY_LOCAL_MACHINE\SOFTWARE\HP

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.HP RegKey.501]

IssueType=RegKey

Manufacturer=HP

DisplayName=HP

Key=HKEY_LOCAL_MACHINE\SOFTWARE\HP

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.HP RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=HP

Key=HKEY_LOCAL_MACHINE\SOFTWARE\HP

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.HP RegKey.600]

IssueType=RegKey

Manufacturer=HP

DisplayName=HP

Key=HKEY_LOCAL_MACHINE\SOFTWARE\HP

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.HP RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=HP

Key=HKEY_LOCAL_MACHINE\SOFTWARE\HP

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett-Packard RegKey.500]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett-Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett-Packard RegKey.501]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett-Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett-Packard RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett-Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett-Packard RegKey.600]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett-Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett-Packard RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett-Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett Packard RegKey.500]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett Packard RegKey.501]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett Packard RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett Packard RegKey.600]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.Hewlett Packard RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.LEAD Technologies RegKey.500]

IssueType=RegKey

Manufacturer=HP

DisplayName=LEAD Technologies, Inc.

Key=HKEY_LOCAL_MACHINE\SOFTWARE\LEAD Technologies, Inc.

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.LEAD Technologies RegKey.501]

IssueType=RegKey

Manufacturer=HP

DisplayName=LEAD Technologies, Inc.

Key=HKEY_LOCAL_MACHINE\SOFTWARE\LEAD Technologies, Inc.

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.LEAD Technologies RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=LEAD Technologies, Inc.

Key=HKEY_LOCAL_MACHINE\SOFTWARE\LEAD Technologies, Inc.

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.LEAD Technologies RegKey.600]

IssueType=RegKey

Manufacturer=HP

DisplayName=LEAD Technologies, Inc.

Key=HKEY_LOCAL_MACHINE\SOFTWARE\LEAD Technologies, Inc.

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.LEAD Technologies RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=LEAD Technologies, Inc.

Key=HKEY_LOCAL_MACHINE\SOFTWARE\LEAD Technologies, Inc.

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 HP RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=HP

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HP

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 HP RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=HP

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HP

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 Hewlett-Packard RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett-Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 Hewlett-Packard RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett-Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 Hewlett Packard RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 Hewlett Packard RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=Hewlett Packard

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett Packard

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 LEAD Technologies RegKey.501_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=LEAD Technologies, Inc.

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LEAD Technologies, Inc.

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.WoW64 LEAD Technologies RegKey.600_64]

IssueType=RegKey

Manufacturer=HP

DisplayName=LEAD Technologies, Inc.

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LEAD Technologies, Inc.

Condition=NotWriteable

Action=AutoFix

BlockIfFail=Yes

Recurse=Yes

OverwriteDacl=Yes

CheckAccess=CommonSidList

SetAccess=CommonSidList

Timeout=10

[shield.CommonSidList]

S-1-5-32-544=0x000f003f

S-1-5-18=0x000f003f

S-1-5-32-545=0x00020019

[shield.SystemAccess]

S-1-1-0=0x00020019

S-1-5-18=0x000f003f

[shield.ReadOnlyPNFs.500]

IssueType=File

launchbase=%sourcepath%setup\

Manufacturer=Microsoft

DisplayName=Read Only PNF files

Action=Autofix

FileName=%system%attrib.exe

Condition=Exists

1=hpzwrp01.exe -m SetPnfAttrib

[shield.ReadOnlyPNFs.501]

IssueType=File

launchbase=%sourcepath%setup\

Manufacturer=Microsoft

DisplayName=Read Only PNF files

Action=Autofix

FileName=%system%attrib.exe

Condition=Exists

1=hpzwrp01.exe -m SetPnfAttrib

[shield.ReadOnlyPNFs.501_64]

IssueType=File

launchbase=%sourcepath%setup\

Manufacturer=Microsoft

DisplayName=Read Only PNF files

Action=Autofix

FileName=%system%attrib.exe

Condition=Exists

1=hpzwrp01.exe -m SetPnfAttrib

[shield.ReadOnlyPNFs.600]

IssueType=File

launchbase=%sourcepath%setup\

Manufacturer=Microsoft

DisplayName=Read Only PNF files

Action=Autofix

FileName=%system%attrib.exe

Condition=Exists

1=hpzwrp01.exe -m SetPnfAttrib

[shield.ReadOnlyPNFs.600_64]

IssueType=File

launchbase=%sourcepath%setup\

Manufacturer=Microsoft

DisplayName=Read Only PNF files

Action=Autofix

FileName=%system%attrib.exe

Condition=Exists

1=hpzwrp01.exe -m SetPnfAttrib

[setPnfAttrib]

Open=%system%attrib -r %windows%inf\oem*.pnf

[shield.DelayedReboot]

1=CheckForFiles

[shield.CheckForFiles]

IssueType=RebootFile

Manufacturer=HP

Action=Autofix

1=Digital Imaging

2=%division%

3=system32\hpz

4=system\hpz

5=hpf

6=twain_32\hpsj

Return=Reboot

BlockIfFail=No

result=Reboot

[shield.DelayedRebootCUE]

1=CUECheckForFiles

[shield.CUECheckForFiles]

IssueType=RebootFile

Manufacturer=HP

Action=Autofix

1=Digital Imaging

Return=Reboot

BlockIfFail=No

result=Reboot

[shield.CryptSvc.501]

IssueType=Service

ServiceName=Cryptsvc

Manufacturer=Microsoft

Action=AUTOFIX

Condition=STOPPED

DisplayName=Windows Cryptographic Service

BlockIfFail=Yes

[shield.CryptSvc.501_64]

IssueType=Service

ServiceName=Cryptsvc

Manufacturer=Microsoft

Action=AUTOFIX

Condition=STOPPED

DisplayName=Windows Cryptographic Service

BlockIfFail=Yes

[shield.CryptSvc.600]

IssueType=Service

ServiceName=Cryptsvc

Manufacturer=Microsoft

Action=AUTOFIX

Condition=STOPPED

DisplayName=Windows Cryptographic Service

BlockIfFail=Yes

[shield.CryptSvc.600_64]

IssueType=Service

ServiceName=Cryptsvc

Manufacturer=Microsoft

Action=AUTOFIX

Condition=STOPPED

DisplayName=Windows Cryptographic Service

BlockIfFail=Yes

[shield.softpubDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

DisplayName=softpub.dll

BlockIfFail=Yes

1=regsvr32 /s softpub.dll

[shield.softpubDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

DisplayName=softpub.dll

BlockIfFail=Yes

1=regsvr32 /s softpub.dll

[shield.softpubDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

DisplayName=softpub.dll

BlockIfFail=Yes

1=regsvr32 /s softpub.dll

[shield.softpubDll.600]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

DisplayName=softpub.dll

BlockIfFail=Yes

1=regsvr32 /s softpub.dll

[shield.softpubDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

DisplayName=softpub.dll

BlockIfFail=Yes

1=regsvr32 /s softpub.dll

[shield.Wow64softpubDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

DisplayName=softpub.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s softpub.dll

[shield.Wow64softpubDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

DisplayName=softpub.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s softpub.dll

[shield.wintrustDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

DisplayName=wintrust.dll

BlockIfFail=Yes

1=regsvr32 /s wintrust.dll

[shield.wintrustDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

DisplayName=wintrust.dll

BlockIfFail=Yes

1=regsvr32 /s wintrust.dll

[shield.wintrustDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

DisplayName=wintrust.dll

BlockIfFail=Yes

1=regsvr32 /s wintrust.dll

[shield.wintrustDll.600]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

DisplayName=wintrust.dll

BlockIfFail=Yes

1=regsvr32 /s wintrust.dll

[shield.wintrustDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

DisplayName=wintrust.dll

BlockIfFail=Yes

1=regsvr32 /s wintrust.dll

[shield.Wow64wintrustDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

DisplayName=wintrust.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s wintrust.dll

[shield.Wow64wintrustDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

DisplayName=wintrust.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s wintrust.dll

[shield.initpkiDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_CLASSES_ROOT\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\ProgID

DisplayName=initpki.dll

BlockIfFail=Yes

1=regsvr32 /s initpki.dll

[shield.initpkiDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_CLASSES_ROOT\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\ProgID

DisplayName=initpki.dll

BlockIfFail=Yes

1=regsvr32 /s initpki.dll

[shield.initpkiDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_CLASSES_ROOT\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\ProgID

DisplayName=initpki.dll

BlockIfFail=Yes

1=regsvr32 /s initpki.dll

[shield.cryptextDll.600]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_CLASSES_ROOT\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\ProgID

DisplayName=cryptext.dll

BlockIfFail=Yes

1=regsvr32 /s cryptext.dll

[shield.cryptextDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_CLASSES_ROOT\CLSID\{7444C717-39BF-11D1-8CD9-00C04FC29D45}\ProgID

DisplayName=cryptext.dll

BlockIfFail=Yes

1=regsvr32 /s cryptext.dll

[shield.dssenhDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider

BlockIfFail=Yes

DisplayName=dssbase.dll

1=regsvr32 /s dssbase.dll

[shield.dssenhDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider

BlockIfFail=Yes

DisplayName=dssenh.dll

1=regsvr32 /s dssenh.dll

[shield.dssenhDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider

BlockIfFail=Yes

DisplayName=dssenh.dll

1=regsvr32 /s dssenh.dll

[shield.dssenhDll.600]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider

BlockIfFail=Yes

DisplayName=dssenh.dll

1=regsvr32 /s dssenh.dll

[shield.dssenhDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider

BlockIfFail=Yes

DisplayName=dssenh.dll

1=regsvr32 /s dssenh.dll

[shield.Wow64dssenhDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider

BlockIfFail=Yes

DisplayName=dssenh.dll

1=%SYSWOW64%regsvr32 /s dssenh.dll

[shield.Wow64dssenhDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider

BlockIfFail=Yes

DisplayName=dssenh.dll

1=%SYSWOW64%regsvr32 /s dssenh.dll

[shield.rsaenhDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0

BlockIfFail=Yes

DisplayName=rsabase.dll

1=regsvr32 /s rsabase.dll

[shield.rsaenhDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0

BlockIfFail=Yes

DisplayName=rsaenh.dll

1=regsvr32 /s rsaenh.dll

[shield.rsaenhDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0

BlockIfFail=Yes

DisplayName=rsaenh.dll

1=regsvr32 /s rsaenh.dll

[shield.rsaenhDll.600]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0

BlockIfFail=Yes

DisplayName=rsaenh.dll

1=regsvr32 /s rsaenh.dll

[shield.rsaenhDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0

BlockIfFail=Yes

DisplayName=rsaenh.dll

1=regsvr32 /s rsaenh.dll

[shield.Wow64rsaenhDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0

BlockIfFail=Yes

DisplayName=rsaenh.dll

1=%SYSWOW64%regsvr32 /s rsaenh.dll

[shield.Wow64rsaenhDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0

BlockIfFail=Yes

DisplayName=rsaenh.dll

1=%SYSWOW64%regsvr32 /s rsaenh.dll

[shield.gpkcspDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0

DisplayName=gpkcsp.dll

BlockIfFail=Yes

1=regsvr32 /s gpkcsp.dll

[shield.gpkcspDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0

DisplayName=gpkcsp.dll

BlockIfFail=Yes

1=regsvr32 /s gpkcsp.dll

[shield.gpkcspDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0

DisplayName=gpkcsp.dll

BlockIfFail=Yes

1=regsvr32 /s gpkcsp.dll

[shield.Wow64gpkcspDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0

DisplayName=gpkcsp.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s gpkcsp.dll

[shield.sccbaseDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Infineon SICRYPT Base Smart Card CSP

DisplayName=sccbase.dll

BlockIfFail=Yes

1=regsvr32 /s sccbase.dll

[shield.sccbaseDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Infineon SICRYPT Base Smart Card CSP

DisplayName=sccbase.dll

BlockIfFail=Yes

1=regsvr32 /s sccbase.dll

[shield.Wow64sccbaseDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Infineon SICRYPT Base Smart Card CSP

DisplayName=sccbase.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s sccbase.dll

[shield.slbcspDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider

DisplayName=slbcsp.dll

BlockIfFail=Yes

1=regsvr32 /s slbcsp.dll

[shield.slbcspDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider

DisplayName=slbcsp.dll

BlockIfFail=Yes

1=regsvr32 /s slbcsp.dll

[shield.slbcspDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider

DisplayName=slbcsp.dll

BlockIfFail=Yes

1=regsvr32 /s slbcsp.dll

[shield.Wow64slbcspDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Schlumberger Cryptographic Service Provider

DisplayName=slbcsp.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s slbcsp.dll

[shield.cryptdlgDll.500]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1

DisplayName=cryptdlg.dll

BlockIfFail=Yes

1=regsvr32 /s cryptdlg.dll

[shield.cryptdlgDll.501]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1

DisplayName=cryptdlg.dll

BlockIfFail=Yes

1=regsvr32 /s cryptdlg.dll

[shield.cryptdlgDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1

DisplayName=cryptdlg.dll

BlockIfFail=Yes

1=regsvr32 /s cryptdlg.dll

[shield.cryptdlgDll.600]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1

DisplayName=cryptdlg.dll

BlockIfFail=Yes

1=regsvr32 /s cryptdlg.dll

[shield.cryptdlgDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1

DisplayName=cryptdlg.dll

BlockIfFail=Yes

1=regsvr32 /s cryptdlg.dll

[shield.Wow64cryptdlgDll.501_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1

DisplayName=cryptdlg.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s cryptdlg.dll

[shield.Wow64cryptdlgDll.600_64]

Manufacturer=Microsoft

IssueType=RegKey

Action=Autofix

Condition=~Exist

Key=HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1

DisplayName=cryptdlg.dll

BlockIfFail=Yes

1=%SYSWOW64%regsvr32 /s cryptdlg.dll

[shield.SLPService]

1=hpslpsvc

[shield.hpslpsvc]

IssueType=Service

ServiceName=HPSLPSVC32

Manufacturer=Hewlett-Packard

DisplayName=HP Network Devices Support

BlockIfFail=Yes

[shield.hpslpsvc.501_64]

IssueType=Service

ServiceName=HPSLPSVC64

Manufacturer=Hewlett-Packard

DisplayName=HP Network Devices Support

BlockIfFail=Yes

[shield.hpslpsvc.600_64]

IssueType=Service

ServiceName=HPSLPSVC64

Manufacturer=Hewlett-Packard

DisplayName=HP Network Devices Support

BlockIfFail=Yes

[shield.CloseManagerOfTrayApp]

1=StopCtxManService

2=StopDDService

[shield.StopCtxManService]

IssueType=Service

ServiceName=hpqcxs08

Manufacturer=HP

Action=AutoFix

Condition=Running

DisplayName=HP Context Manager Service

BlockIfFail=Yes

[shield.StopDDService]

IssueType=Service

ServiceName=hpqddsvc

Manufacturer=HP

Action=AutoFix

Condition=Running

DisplayName=HP CUE DeviceDiscovery Service

BlockIfFail=Yes

[shield.Roxio.Text.0x1]

1=

Link to post
Share on other sites

part 4:

1=%windows%regedit.exe -e %logspath%sw_hp.reg HKEY_LOCAL_MACHINE\Software\Hewlett-Packard

2=%windows%regedit.exe -e %logspath%sw_unins.reg HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

3=%windows%regedit.exe -e %logspath%enum9X.reg HKEY_LOCAL_MACHINE\Enum

4=%windows%regedit.exe -e %logspath%enumNT.reg HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum

5=%windows%regedit.exe -e %logspath%Print.reg HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print

6=%windows%regedit.exe -e %logspath%ClassNT.reg HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class

7=%windows%regedit.exe -e %logspath%Class9X.reg HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class

[LGC.Launch.501_64]

8=%windows%regedit.exe -e %logspath%sw_hp_wow64.reg HKEY_LOCAL_MACHINE\Software\Wow6432Node\Hewlett-Packard

9=%windows%regedit.exe -e %logspath%sw_unins_wow64.reg HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

[LGC.Launch.502_64]

8=%windows%regedit.exe -e %logspath%sw_hp_wow64.reg HKEY_LOCAL_MACHINE\Software\Wow6432Node\Hewlett-Packard

9=%windows%regedit.exe -e %logspath%sw_unins_wow64.reg HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

[LGC.DirCapture]

GetSize=Yes

GetVersion=Yes

GetLastModifiedDate=Yes

Log=%logspath%hp_files.log

1=%windows%INF\*

2=%installdir%

[LGC.Files]

1=%windows%setupapi.log

2=%windows%hp?ins??.dat

3=%logspath%hp*.log

4=%logspath%hp*.txt

5=%windows%temp\hp*.log

6=%logspath%sw_*.reg

7=%logspath%enum*.reg

8=%logspath%msievent.log

9=%logspath%msinfo.nfo

10=%logspath%E.S.C*.log

11=%windows%temp\hp*.txt

12=%system%$winnt$.inf

13=%logspath%print.reg

14=%logspath%class*.reg

15=%logspath%windows_inf_files.log

16=%windows%hp?mdl??.dat

17=%logspath%BoiseNetWiz*.*

18=%WindowsDrive%Temp\BoiseNetWiz*.*

19=%logspath%hp*.htm

20=%logspath%setup*.log

21=%windows%DPInst.log

22=%windows%inf\setupapi.app.log

23=%windows%inf\setupapi.dev.log

24=%windows%temp\ProductContext*.log

25=%usertemp%hp*.log

26=%usertemp%hp*.txt

[LGC.Files.35]

1=hpzinstall.log

[Option]

FullTimeMB=

MinExpressTimeMB=

[CDL.AddADevice]

commandline=-AddADevice

filename=%setupStubName%

PromptFileName=%setupStubName%

LocateFile=autorun.inf

LocateSection=Version

LocateValue=CDGuid

LocateData=%CDGuid%

[CDL.ReconnectADevice]

commandline=-run "%sourcepath%setup\hpzrcn01.exe"

filename=%setupStubName%

PromptFileName=%setupStubName%

LocateFile=autorun.inf

LocateSection=Version

LocateValue=CDGuid

LocateData=%CDGuid%

[CDL.ConfigureUSBDevice]

commandline=-AddADevice -usbSetup

filename=%setupStubName%

PromptFileName=%setupStubName%

LocateFile=autorun.inf

LocateSection=Version

LocateValue=CDGuid

LocateData=%CDGuid%

[DPInstRun]

qualifier=%OS%

1=hpzwrp01.exe -m DPInst

[DPInstRun.501_64]

1=hpzwrp01.exe -m DPInst64

[DPInstRun.600_64]

1=hpzwrp01.exe -m DPInst64

[DPInst]

open=setup\DPInst_x32\DPInst /D /SW /SA /A /PATH ..\..\

SkipOnReinstall=SW

ErrorBits=0xFFFF0000

RequiresRebootBits=0x40000000

ReturnError=1603

ReturnExitCode=yes

[DPInst64]

open=setup\DPInst_x64\DPInst /D /SW /SA /A /PATH ..\..\

SkipOnReinstall=SW

ErrorBits=0xFFFF0000

RequiresRebootBits=0x40000000

ReturnError=1603

ReturnExitCode=yes

[DPInstRunXML]

qualifier=%OS%

[DPInstRunXML.500]

1=hpzwrp01.exe -m DPInstXML

[DPInstRunXML.501]

1=hpzwrp01.exe -m DPInstXML

[DPInstRunXML.600]

1=hpzwrp01.exe -m DPInstXML_VISTA

[DPInstRunXML.501_64]

1=hpzwrp01.exe -m DPInst64XML

[DPInstRunXML.600_64]

1=hpzwrp01.exe -m DPInst64XML_VISTA

[DPInstXML]

open=setup\DPInst_x32\DPInst /D /SW /SA /A

SkipOnReinstall=SW

ErrorBits=0xFFFF0000

RequiresRebootBits=0x40000000

ReturnError=1603

ReturnExitCode=yes

[DPInstXML_VISTA]

open=setup\DPInst_x32_VISTA\DPInst /D /SW /SA /A

SkipOnReinstall=SW

ErrorBits=0xFFFF0000

RequiresRebootBits=0x40000000

ReturnError=1603

ReturnExitCode=yes

[DPInst64XML]

open=setup\DPInst_x64\DPInst /D /SW /SA /A

SkipOnReinstall=SW

ErrorBits=0xFFFF0000

RequiresRebootBits=0x40000000

ReturnError=1603

ReturnExitCode=yes

[DPInst64XML_VISTA]

open=setup\DPInst_x64_VISTA\DPInst /D /SW /SA /A

SkipOnReinstall=SW

ErrorBits=0xFFFF0000

RequiresRebootBits=0x40000000

ReturnError=1603

ReturnExitCode=yes

[Network]

launchbase=%sourcepath%setup\

networkinstall=hpznui01.exe

[Network.Flintstone]

faq=NetworkTutorial\enu\TutorFAQhome.htm

ssid=NetworkTutorial\enu\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\enu\FAQ_withanchors.htm#FAQ7

Wired=Yes

Wireless=Yes

usbSetup=Yes

TypicalWirelessSetup=usbSetup

OtherWirelessOptions=No

EthernetSetup=Yes

SmartKey=Yes

SES=Yes

FrontPanel=Yes

SacabodLocation=NetworkX86

[Network.Flintstone.0x1]

faq=NetworkTutorial\ara\TutorFAQhome.htm

ssid=NetworkTutorial\ara\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\ara\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x804]

faq=NetworkTutorial\chs\TutorFAQhome.htm

ssid=NetworkTutorial\chs\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\chs\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x404]

faq=NetworkTutorial\cht\TutorFAQhome.htm

ssid=NetworkTutorial\cht\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\cht\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x5]

faq=NetworkTutorial\csy\TutorFAQhome.htm

ssid=NetworkTutorial\csy\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\csy\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x6]

faq=NetworkTutorial\dan\TutorFAQhome.htm

ssid=NetworkTutorial\dan\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\dan\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x7]

faq=NetworkTutorial\deu\TutorFAQhome.htm

ssid=NetworkTutorial\deu\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\deu\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x8]

faq=NetworkTutorial\ell\TutorFAQhome.htm

ssid=NetworkTutorial\ell\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\ell\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x9]

faq=NetworkTutorial\enu\TutorFAQhome.htm

ssid=NetworkTutorial\enu\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\enu\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0xa]

faq=NetworkTutorial\esn\TutorFAQhome.htm

ssid=NetworkTutorial\esn\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\esn\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0xb]

faq=NetworkTutorial\fin\TutorFAQhome.htm

ssid=NetworkTutorial\fin\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\fin\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0xc]

faq=NetworkTutorial\fra\TutorFAQhome.htm

ssid=NetworkTutorial\fra\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\fra\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0xd]

faq=NetworkTutorial\heb\TutorFAQhome.htm

ssid=NetworkTutorial\heb\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\heb\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0xe]

faq=NetworkTutorial\hun\TutorFAQhome.htm

ssid=NetworkTutorial\hun\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\hun\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x10]

faq=NetworkTutorial\ita\TutorFAQhome.htm

ssid=NetworkTutorial\ita\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\ita\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x11]

faq=NetworkTutorial\jpn\TutorFAQhome.htm

ssid=NetworkTutorial\jpn\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\jpn\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x12]

faq=NetworkTutorial\kor\TutorFAQhome.htm

ssid=NetworkTutorial\kor\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\kor\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x13]

faq=NetworkTutorial\nld\TutorFAQhome.htm

ssid=NetworkTutorial\nld\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\nld\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x14]

faq=NetworkTutorial\nob\TutorFAQhome.htm

ssid=NetworkTutorial\nob\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\nob\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x15]

faq=NetworkTutorial\plk\TutorFAQhome.htm

ssid=NetworkTutorial\plk\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\plk\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x16]

faq=NetworkTutorial\ptb\TutorFAQhome.htm

ssid=NetworkTutorial\ptb\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\ptb\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x19]

faq=NetworkTutorial\rus\TutorFAQhome.htm

ssid=NetworkTutorial\rus\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\rus\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x1d]

faq=NetworkTutorial\sve\TutorFAQhome.htm

ssid=NetworkTutorial\sve\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\sve\FAQ_withanchors.htm#FAQ7

[Network.Flintstone.0x1f]

faq=NetworkTutorial\trk\TutorFAQhome.htm

ssid=NetworkTutorial\trk\FAQ_withanchors.htm#FAQ1

key=NetworkTutorial\trk\FAQ_withanchors.htm#FAQ7

[MSI.DocProc]

Filename=%sourcepath%setup\DocProc\DocProc.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_DocProc.log

Type=Bucket

Optional=No

UpgradeCode={00F3791B-7A9F-41E9-92AC-9FE6EA96C48C}

[MSI.Copy]

Filename=%sourcepath%setup\Copy\Copy.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_Copy.log

Type=Bucket

Optional=No

UpgradeCode={52A20BF3-71EE-4ca0-ABC5-2F2E0B71F013}

[MSI.TrayApp]

Filename=%sourcepath%setup\TrayApp\TrayApp.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_TrayApp.log

Type=Bucket

Optional=No

UpgradeCode={348082C7-A032-4e1d-9B2A-41514C010335}

[MSI.WebReg]

Filename=%sourcepath%setup\WebReg\WebReg.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_WebReg.log

Type=Product

Optional=No

UpgradeCode={4A0C2FF7-F844-4a11-8546-613C19AD5A0C}

[MSI.Destinations]

Filename=%sourcepath%setup\Destinations\Destinations.msi

Refcount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_Destinations.log

Type=Bucket

Optional=No

UpgradeCode={9716D554-3FBD-4DFD-8AE0-424EFD722D74}

[MSI.PanoStandAlone]

Filename=%sourcepath%setup\PanoStandAlone\PanoStandAlone.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_PanoStandAlone.log

Type=Bucket

Optional=No

UpgradeCode={E05AAAB8-A631-4790-8B28-4889FD3CD0BD}

[MSI.Scan]

Filename=%sourcepath%setup\Scan\Scan.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_Scan.log

Type=Product

Optional=No

UpgradeCode={105D9372-3CED-4E84-B864-3AFB2245164A}

[MSI.HPSoftwareUpdate]

Filename=%sourcepath%setup\HPUpdate\HP Update.msi

Refcount=No

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_HPUpdate.log

TRANSFORMS=HPUpdate\%langid%.mst

CommandLine=DONTLAUNCHSCHD=TRUE

Type=ThirdParty

Optional=No

UpgradeCode={7BB3DC99-71DA-4FCB-B0ED-ACA161DBCA4B}

[MSI.Mars]

Filename=%sourcepath%setup\MarketResearch\MarketResearch.msi

Refcount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_Mars.log

Type=Product

Optional=No

UpgradeCode={10E65ED7-1CE3-4422-896B-FA5055ABEB5E}

[MSI.Fax]

Filename=%sourcepath%setup\fax\fax.msi

Refcount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%fax.log

Type=Product

Optional=No

UpgradeCode={56EB7E15-6A60-40f6-AB41-7A494D9993F0}

SkipOnReinstall=SW

[MSI.BufferChm]

Filename=%sourcepath%setup\BufferChm\BufferChm.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_BufferChm.log

Type=Both

Optional=No

UpgradeCode={68FCE472-CCC6-4113-A478-3D29FC934EA0}

[MSI.ScannerCopy]

Filename=%sourcepath%setup\ScannerCopy\ScannerCopy.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_ScannerCopy.log

Type=Bucket

Optional=No

UpgradeCode={37C5AA16-1EFA-4D0C-B703-4573CC509A79}

[MSI.SolutionCenter]

Filename=%sourcepath%setup\SolutionCenter\SolutionCenter.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_SolutionCenter.log

Type=Bucket

Optional=No

UpgradeCode={65B97CFB-5CFB-4764-BADC-0B3A756E761C}

[MSI.Status]

Filename=%sourcepath%setup\Status\Status.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_Status.log

Type=Bucket

Optional=No

UpgradeCode={3E1BD9D1-80F1-4965-824D-05587BD19FD5}

[MSI.hpproductassistant]

Filename=%sourcepath%setup\hpproductassistant\hpproductassistant.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_hpproductassistant.log

Type=Bucket

Optional=No

UpgradeCode={29288FBB-DA46-4AC2-84B9-7A8367FE60DF}

[MSI.Toolbox]

Filename=%sourcepath%setup\Toolbox\Toolbox.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_Toolbox.log

Type=Product

Optional=No

UpgradeCode={A8EDADCD-BC6F-48d7-A9F0-CCED80208050}

[MSI.InstantShareDevicesMFC]

Filename=%sourcepath%setup\InstantShareDevicesMFC\InstantShareDevicesMFC.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_InstantShareDevicesMFC.log

Type=Bucket

Optional=No

UpgradeCode={64E9255B-51F8-44e7-B373-543FCBBEFBA0}

[MSI.DeviceDiscovery]

Filename=%sourcepath%setup\DeviceDiscovery\DeviceDiscovery.msi

Refcount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_DeviceDiscovery.log

Type=Product

Optional=Yes

UpgradeCode={2470F2E0-13B4-4318-BA74-5253FFC55DC0}

[MSI.WebPrint]

Filename=%sourcepath%setup\WebPrinting\SmartWebPrinting.msi

RefCount=No

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%WebPrint.log

Type=ThirdParty

Optional=No

INSTALLDIR=%InstallDirx86%Smart Web Printing

TRANSFORMS=webprinting\%langid%.mst

UpgradeCode={2D1F2124-29E6-460A-B140-E9DF3BC594CE}

[MSI.DTSS]

Filename=%sourcepath%setup\DTSS\HPSSupply.msi

RefCount=No

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%DTSS.log

TRANSFORMS=DTSS\%langid%.mst

Type=ThirdParty

Optional=No

UpgradeCode={FE9B929E-3BAF-40B1-BFFC-3A078ABAA0C8}

[MSI.UnloadSupport]

Filename=%sourcepath%setup\UnloadSupport\UnloadSupport.msi

RefCount=Yes

UI=No

IgnoreNewerVersion=No

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%UnloadSupport.log

Type=Product

Optional=Yes

UpgradeCode={6B55632E-7730-4CE5-88CA-B9EA4FF9ECF0}

[MSI.BufferChm.0x1]

LANG=1033

[MSI.BufferChm.0xd]

LANG=1033

[MSI.Copy.0x1]

LANG=1033

[MSI.Copy.0xd]

LANG=1033

[MSI.Destinations.0x1]

LANG=1033

[MSI.Destinations.0xd]

LANG=1033

[MSI.DocProc.0x1]

LANG=1033

[MSI.DocProc.0xd]

LANG=1033

[MSI.Fax.0x1]

LANG=1033

[MSI.Fax.0xd]

LANG=1033

[MSI.HPSoftwareUpdate.0x1]

LANG=1033

[MSI.HPSoftwareUpdate.0xd]

LANG=1033

[MSI.Mars.0x1]

LANG=1033

[MSI.Mars.0xd]

LANG=1033

[MSI.PanoStandAlone.0x1]

LANG=1033

[MSI.PanoStandAlone.0xd]

LANG=1033

[MSI.Scan.0x1]

LANG=1033

[MSI.Scan.0xd]

LANG=1033

[MSI.ScannerCopy.0x1]

LANG=1033

[MSI.ScannerCopy.0xd]

LANG=1033

[MSI.SolutionCenter.0x1]

LANG=1033

[MSI.SolutionCenter.0xd]

LANG=1033

[MSI.TrayApp.0x1]

LANG=1033

[MSI.TrayApp.0xd]

LANG=1033

[MSI.Unload.0x1]

LANG=1033

[MSI.Unload.0xd]

LANG=1033

[MSI.WebReg.0x1]

LANG=1033

[MSI.WebReg.0xd]

LANG=1033

[MSI.hpproductassistant.0x1]

LANG=1033

[MSI.hpproductassistant.0xd]

LANG=1033

[MSI.InstantShareDevicesMFC.0x1]

LANG=1033

[MSI.InstantShareDevicesMFC.0xd]

LANG=1033

[Run.BucketRun1]

launchbase=%sourcepath%setup\

1=hpzpnp01.exe

2=hpzrein01.exe

3=hpzwup01.exe

4=hpzshl01.exe -m ICEPreShield,HPSecurity,WebPrintShield

[Run.BucketRun2]

launchbase=%sourcepath%setup\

1=hpzopt01.exe -forcetypical

2=hpzsui01.exe

3=[Run.SetRecovery]

4=hpzwis01.exe

5=%sourcepath%util\ccc\fixerr1714.exe

[DeviceManagement]

Modifiable=Yes

DisplayName=%DeviceManagementDisplayName%

BucketGuid=%DeviceManagementGUID%

oslist=501,501_64,502,600,600_64

minie=5.00.2919.6306

recie=5.00.2919.6306

minram=112

recram=112

MinDisk=65

RecDisk=65

launchbase=%sourcepath%setup\

1=hpzmsi01.exe -list DeviceManagement

2=hpzmsi01.exe -commit

3=hpzprl01.exe -m DeviceManagement

4=hpzarp01.exe -add DeviceManagement

5=..\%SetupName% -CommitGuid %BucketGuid%

[MSI.DeviceManagement]

1=DeviceManagementQfolder

2=Destinations

3=TrayApp

4=Status

5=Bufferchm

6=ScannerCopy

7=PanoStandAlone

8=InstantShareDevicesMFC

9=Copy

10=DeviceDiscovery

RefCountKey=HP Imaging Device Functions

[MSI.DeviceManagementQFolder]

Filename=%sourcepath%setup\QFolder\DeviceManagementQFolder.MSI

Refcount=No

UI=No

IgnoreNewerVersion=Yes

SkipIfSilent=No

Logfilename=%Temp%%DIVISION%MSI_DeviceManagementQFolder.log

[ARP.DeviceManagement]

SWBucket=Yes

UninstallString=%InstallDirX86%Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

UninstallKey=HP Imaging Device Functions

UpdateInfoURL=http://www.hp.com

HelpLinkURL=http://www.hp.com/support

DisplayVersion=%CUEVersion%

DisplayName=HP Imaging Device Functions %CUEVersion%

DisplayIcon=%InstallDirX86%Digital Imaging\DeviceManagement\hpzscr01.exe,0

[PRL.DeviceManagement]

1=hpqbpl01.dat

[DeviceManagement.0x9]

Description=The basic software that makes your product work and helps you in maintaining it.

[DeviceManagement.0x1]

Description=

Link to post
Share on other sites

part 5:

1=WebPrint

[shield.WebPrint.0x401]

1=hpznop01.exe

[shield.WebPrint.0x40d]

1=hpznop01.exe

[shield.WebPrint.0xd]

1=hpznop01.exe

[shield.WebPrint.0x1]

1=hpznop01.exe

[shield.WebPrint]

qualifier=%Langqualifier%

IssueType=File

Manufacturer=Microsoft

FileName=%programfilesx86%Internet Explorer\iexplore.exe

Condition=Exist

MinVersion=0x6000000000000

MaxVersion=0x7FFFFFFFFFFFF

Action=Autofix

DisplayName=WebPrint IE

BlockIfFail=No

1=hpznop01.exe -m WebPrint -set SkipBucket=No

[DTSS]

Modifiable=NO

DisplayName=%DTSSDisplayName%

BucketRegValue=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\{FE9B929E-3BAF-40B1-BFFC-3A078ABAA0C8}\\version

BucketRegVersion=2.2.0.0000

minie=5.00.2919.6306

recie=5.00.2919.6306

minram=128

recram=128

MinDisk=2

RecDisk=2

oslist=501,501_64,502,600,600_64

launchbase=%sourcepath%setup\

1=hpzmsi01.exe -list DTSSList

2=hpzmsi01.exe -commit

[MSI.DTSSList]

1=DTSS

[DTSS.0x9]

Description=Provides direct, online access to purchase HP supplies.

[DTSS.0x1]

Description=

Link to post
Share on other sites

last one - part 8:

1=Btn13

2=Btn1

3=Btn2

4=Btn4

5=Btn6

6=Btn7

7=Btn9

8=Btn12

9=Btn14

10=Btn15

[LaunchPad.Relaunch.Btn1.SubMenu.Btn1]

TextID=2000

ToolTipID=2001

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%CustomerExperienceGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\hpqbid06.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn2]

TextID=2075

ToolTipID=2076

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\{3D47716D-05A9-4538-982E-5D83873A16FD}

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\ps_aio_02_bid01.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn4]

TextID=2063

ToolTipID=2003

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%eSupportGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\hpqbid05.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn5]

TextID=2006

ToolTipID=2007

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%PhotosmartEssentialGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\hpqbid13.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn6]

TextID=2025

ToolTipID=2013

PadVisibilityType=If reg key is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\%WebPrintGUID%

TargetType=Exe

TargetPath=msiexec.exe

TargetParameter=/i "setup\webprinting\SmartWebPrinting.msi" TRANSFORMS="setup\webprinting\%langid%.mst"

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn7]

TextID=2004

ToolTipID=2005

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\%DTSSUpgradeCode%\\version

TargetType=Exe

TargetPath=.\setup\hpzmsi01.exe

TargetParameter=-m DTSS -commit

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,600,501_64,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn9]

TextID=2008

ToolTipID=2009

PadVisibilityType=If reg key is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%SoftwareUpdateUninstallKey%

TargetType=Exe

TargetPath=.\setup\hpzmsi01.exe

TargetParameter=-m HPSoftwareUpdate -commit

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,600

[LaunchPad.Relaunch.Btn1.SubMenu.Btn12]

TextID=2008

ToolTipID=2009

PadVisibilityType=If reg key is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\%SoftwareUpdateUninstallKey%

TargetType=Exe

TargetPath=.\setup\hpzmsi01.exe

TargetParameter=-m HPSoftwareUpdate -commit

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501_64,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn13]

TextID=1018

ToolTipID=1019

PadVisibilityType=Always

DisplayRegKey=

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn14]

TextID=2083

ToolTipID=2084

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%OCRGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\hpqbid11.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn15]

TextID=2006

ToolTipID=2007

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%PhotosmartEssentialBASEGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\hpqbid13a.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn16]

TextID=2006

ToolTipID=2007

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%PhotosmartEssentialTATTOOGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\hpqbid13b.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn1.SubMenu.Btn17]

TextID=2006

ToolTipID=2007

PadVisibilityType=If reg value is absent

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%PhotosmartEssentialNOPODGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-f .\hpqbid13c.dat

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[LaunchPad.Relaunch.Btn2]

TextID=1016

ToolTipID=1017

PadVisibilityType=If reg value exists

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%CDGuid%

TargetType=Exe

TargetPath=.\setup\hpzscr01.exe

TargetParameter=-datfile hposcr21.dat -onestop

OnePress=Disable while app runs

PadCloseType=When target is ready to use

PadEmphasisType=None

PadOS=500,501,501_64,600,600_64

[LaunchPad.Relaunch.Btn3]

TextID=1006

ToolTipID=1009

PadVisibilityType=Always

TargetType=document

TargetPath=.\setup\ps_aio_02_readme\%lang%\Readme.html

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=500,501,501_64,600,600_64

[LaunchPad.Relaunch.Btn4]

TextID=1014

ToolTipID=1015

PadVisibilityType=If reg value exists

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%CDGUID%

TargetType=Exe

TargetPath=.\%setupStubName%

TargetParameter=-AddADevice

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=500,501,501_64,600,600_64

[LaunchPad.Relaunch.Btn5]

TextID=1048

ToolTipID=1049

PadVisibilityType=Always

TargetType=RemoteURL

TargetPath=http://redirect.hp.com/svs/rdr?TYPE=4&s=cip&tp=install&pf=%bounty_id%&locale=%OSLangPlusCountryCode%&bd=all&c=74

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=500,501,501_64,600,600_64

[RestingPad.Global]

LogoPath=.\images\hplogo.bmp

DefaultApplicationPath=%setupStubName%

HFInstallCheckPluginPath=.\setup\hpzpnp01.exe

Support9X=No

1=Main

[RestingPad.Main]

TitleID=1032

SubTitleID=1033

BackgroundImagePath=.\images\ColoredHousesHarbor2.bmp

PadCloseType=Do not close

PadMenuVisibilityType=Always

1=Btn1

2=Btn2

3=Btn3

[RestingPad.Main.Btn1]

TextID=1036

ToolTipID=1037

PadVisibilityType=If reg value exists

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Installed Products\%eSupportGUID%

TargetType=Exe

TargetPath=..\bin\hpqdirec.exe

TargetParameter=/ctxid "%ContextID%"

OnePress=Disable while app runs

PadCloseType=When target is known to exist (not recommended)

PadEmphasisType=None

PadOS=501,501_64,600,600_64

[RestingPad.Main.Btn2]

TextID=1038

ToolTipID=1039

PadVisibilityType=Always

DisplayRegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\%CDGUID%\OldDevices

TargetType=Exe

TargetPath=..\bin\hpqpprop.exe

TargetParameter=-CtxId "%ContextID%" -Tbx tbx -silent -run "ServicesPage" -cmd "TestPage"

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=410,490,500,501,501_64,600,600_64

[RestingPad.Main.Btn3]

TextID=1048

ToolTipID=1049

PadVisibilityType=Always

TargetType=RemoteURL

TargetPath=http://redirect.hp.com/svs/rdr?TYPE=4&s=cip&tp=install&pf=%bounty_id%&locale=%OSLangPlusCountryCode%&bd=all&c=74

OnePress=Disable while app runs

PadCloseType=Do not close

PadEmphasisType=None

PadOS=500,501,501_64,600,600_64

[LaunchPadStrings.0x401]

4010=&

Link to post
Share on other sites

About 2 and a half hours into running Kaspersky, I went to check on its progress to find that my PC had rebooted. Not sure why.

I had to start over and have restarted it again. It'll take a long time since my external hard drive has more files on it than the PC. I am hoping it can run through the night and produce the output files.

Link to post
Share on other sites

Ok - before giving up for the night, I tried to scan each device individually and was successful. I did not do my PC though (that is where it seemed to get hung up - on the PC).

Here is the first log L Thumb drive (looks like there is something on this):

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, August 31, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, September 01, 2009 04:07:18

Records in database: 2733618

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - Folder:

L:\

Scan statistics:

Objects scanned: 189

Threats found: 1

Infected objects found: 1

Suspicious objects found: 0

Scan duration: 00:00:32

File name / Threat / Threats count

L:\BOOTEX\thumbcache_131.exe Infected: Trojan.Win32.Buzus.btpt 1

Selected area has been scanned.

==================================

Here is the second one - the external hard drive (seems ok?) :

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, August 31, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, September 01, 2009 04:07:18

Records in database: 2733618

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - Folder:

G:\

Scan statistics:

Objects scanned: 30193

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 00:38:04

No threats found. Scanned area is clean.

Selected area has been scanned.

Link to post
Share on other sites

WOW !!

I've never seen a NoRisk log that big before ???

Anyway, it looks like the external HDD is fine, and just one item on the thumb drive.

it just starts a lot slower than it had in the past.

I've noticed that on several machines now, but I've not tracked down the cause yet :(

Plug the Thumb drive in and do the following

Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    File::
    L:\BOOTEX\thumbcache_131.exe
    ADS::


  • Save this as CFScript.txt and place it on your desktop.
    CFScriptb.gif
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

  1. Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
  2. Select C drive and click OK.
  3. Put a "Tick" in all the available boxes
  4. Select the More Options tab.
  5. Under System Restore, click on Clean up....
  6. You will be prompted. Click Yes.
  7. When done, click OK.
  8. You will be prompted again. Press Yes to confirm.
  9. When done, Disk Cleanup will close automatically.

Link to post
Share on other sites

Hi - It seems like ComboFix is gone off my desktop and PC ?? I had two versions, 1) the renamed one from one of the earlier posts and 2) the ComboFix one that we used most recently? I don't see either now ???

Seems wierd - I did not delete them.

I acutally need to go. I will log off and be back at 5:15pm EST today.

Link to post
Share on other sites

I just did a search on my C:drive and all it finds are some of the output text files I had renamed (by adding date and time at the end) after previous ComboFix runs and a book mark to this thread that I created and this "ComboFix-quarantined-files.txt" in the Qoobox folder.

Is the fact that it is missing now a concern?? Should I redownload it.

I do have to go. Thanks and I'll be back at 5:15 EST for continuted and totally appreciative assistance.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.