Trend Micro Officescan

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion]
"Application Path"="C:\\Program Files\\Trend Micro\\OfficeScan Client\\"
"Install Completed"=dword:00000001
"EnableClientEventLog"=dword:00000001
"Mode"=dword:00000001
"ProxyPort"=dword:00000000
"UseProxy"=dword:00000000
"ServerPort"=dword:00001f90
"Server"="svrx"
"ProxyServer"=""
"ProxyLogin"=""
"ProxyPwd"="!CRYPT!10378371C283328E8AA4F627A3B"
"VirtualPath"="/officescan/cgi"
"DatabasePath"="\\\\SVRX\\ofcscan\\FileDB"
"GUID"="1abc4e06-4bfe-4442-8288-224bfe1752cf"
"Domain"="Workgroup"
"LocalServerPort"=dword:00003039
"SvcMode"="!CRYPT!104CDD2AE3F9410A50C7C5B4A03"
"SvcUpd"="!CRYPT!106F2753C4B0D1D9C8C7E5B4F0C"
"SvcLog"="!CRYPT!104E26862C81F4BD7577E5B4F0C"
"SvcVisible"="!CRYPT!104E26862C81F4BD7577E5B4F0C"
"SvcCfg"="!CRYPT!104BC9841DA7A34B6927F5B4F0C"
"ChangeSecurity"=dword:00000003
"InstDate"="20060303"
"InstTime"="202326"
"OppFirstTimeReportCheck"=dword:00000000
"IP"="192.168.4.100"
"MAC"="000D3A22A386"
"ClientString"="200603032024270149"
"RefreshAllSetting"=dword:00000000
"ShowSplash"=dword:00000000
"EnableCAV"=dword:00000000
"DomainID"="44a0900e-abe0-47c0-93e9-2362a0bc083c"

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Internet Settings]
"Use Anonymous"=dword:00000001
"User name"=""
"Password"=""
"ServerPort"=dword:00001f90
"Server"="svrx"
"UseProxy"=dword:00000001
"ProxyPort"=dword:00000050
"ProxyServer"="officescan-t.activeupdate.trendmicro.com/activeupdate "
"ProxyLogin"=""
"ProxyPwd"="!CRYPT!103F0EE6DFE7A3C433E4F627A3B"

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Manual Scan Configuration]
"ScanBoot"=dword:00000001
"ScanCompressed"=dword:00000001
"ScanAllFiles"=dword:00000001
"ExtList"=".ACE,.ARJ,.ASP,.BAT,.BIN,.BOO,.CAB,.CHM,.CLA,.CLASS,.COM,.CSC,.DAT,.DLL,.DOC,.DOT,.DRV,.EML,.EXE,.GZ,.HLP,.HTA,.HTM,.HTML,.HTT,.INI,.JAR,.JS,.JSE,.LNK,.LZH,.MDB,.MPD,.MPP,.MPT,.MSG,.MSO,.NWS,.OCX,.OFT,.OVL,.PDF,.PHP,.PIF,.PL,.POT,.PPS,.PPT,.PRC,.RAR,.REG,.RTF,.SCR,.SHS,.SYS,.TAR,.VBE,.VBS,.VSD,.VSS,.VST,.VXD,.WML,.WSF,.XLA,.XLS,.XLT,.XML,.Z,.ZIP"
"VirusFoundAction"=dword:00000005
"MoveDir"="HTTP://svrx"
"BkUpIfClean"=dword:00000001
"CompressedLayer"=dword:00000002
"CleanFailedAction"=dword:00000003
"CleanFailedMoveDir"="HTTP://svrx"
"Enable"=dword:00000001
"AllowCfg"=dword:00000000
"IntelliScan"=dword:00000001
"ActiveAction"=dword:00000000
"ScanHiddenFolder"=dword:00000001
"ScanSpyware"=dword:00000001
"ScanNetwork"=dword:00000000
"EnableExclusion"=dword:00000001
"CustAction"="Universe-3-2,Joke-2-4,Trojan-2-4,Virus-3-2,Test_Virus-0-0,Spyware-2-4,Packer-2-0,Other-3-2,"
"EnableUniAct"=dword:00000001
"ScanSpeed"=dword:00000000
"ExcludedFile"=""
"ExcludedFolder"=""
"ExcludedExt"=""
"ExcludeTrendProduct"=dword:00000001
"ZipCleanOnOff"=dword:00000000
"OleLayer"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
"IOTBlock"=dword:00000000
"EnableVirusLogThrottle"=dword:00000001
"VLogThrottleCnt"=dword:00000014
"RedundantVirusPeriod"=dword:0000003c
"DirectCheck"=dword:00000000
"EngineMin"="8.00.1001"
"TSC-Ver"="3.98.1012"
"TSCPatternVer"=dword:000002d2
"TSCSpyPatternVer"=dword:000000e0
"EngineZipVer"="8.00.1001"
"ProgramVer"="7.0"
"NoPwdProtect"=dword:00000000
"NoProgramUpgrade"=dword:00000000
"AllowMobile"=dword:00000000
"DiskReserved"=dword:00000014
"InstallCTA"=dword:00000000
"RemoveCTA"=dword:00000000
"AllowStopScheduleScan"=dword:00000000
"AllowUpdateNow"=dword:00000001
"AllowUpdateFromTMAU"=dword:00000001
"Allow Uninstall"=dword:00000000
"MailScanPageOnOff"=dword:00000001
"ToolPageOnOff"=dword:00000001
"Pop3TrapOnOff"=dword:00000001
"RunPop3Trap"=dword:00000001
"OutlookScanOnOff"=dword:00000001
"RunOutlookScan"=dword:00000001
"WirelessProtectionOnOff"=dword:00000001
"RunWirelessProtection"=dword:00000001
"CheckPointSecureClientOnOff"=dword:00000001
"ProxySettingOnOff"=dword:00000001
"Updating"=dword:00000000
"DomainType"=dword:00000002
"DisplayPFWTab"=dword:00000001
"Security"=dword:00000000
"DoSynchronize"=dword:00000000
"DefaultExt"="\"\",ARJ,BAT,BIN,BOO,CAB,CHM,CLA,CLASS,COM,CSC,DLL,DOC,DOT,DRV,EML,EXE,GZ,HLP,HTA,HTM,HTML,HTT,INI,JAR,JPEG,JPG,JS,JSE,LNK,LZH,MDB,MPD,MPP,MPT,MSG,MSO,NWS,OCX,OFT,OVL,PDF,PHP,PIF,PL,POT,PPS,PPT,PRC,RAR,REG,RTF,SCR,SHS,SYS,TAR,VBE,VBS,VSD,VSS,VST,VXD,WML,WSF,XLA,XLS,XLT,XML,Z,ZIP,{*,"
"PatternDate"="20060316"
"VsApiNT-Ver"="8.000-1001"
"TmFilter-Ver"="8.000.0.1001"
"PatternVer"=dword:0000010d
"PatternVer1"=dword:000000f7
"SpyPatternVer"=dword:0000015b
"InternalPatternVer"=dword:0004fcf4
"TotalScanned"=dword:00000986
"LastScannedFileName"="C:\\WINDOWS\\system32\\WMASF.DLL"
"Running"=dword:00000001
"StartUpApplyOpp"=dword:00000000
"Synchronize"=dword:00000001
"HotFix"="20060303214519"
"PatternTooOldWarningOnOff"=dword:00000000
"PatternTooOldDays"=dword:0000000e
"UpdateAgent"=dword:00000001
"RemoteUpdateAgent"=dword:00000001
"AllowUpdateFromOtherAU"=dword:00000001
"IPAddress"="192.168.4.100"
"Reserve"=dword:00000000
"Check IP Change Interval"=dword:000000b4
"ForceMobile"=dword:00000000
"ShellExtensionOnOff"=dword:00000000
"AuCacheOnOff"=dword:00000000
"SendVirusLogForcibly"=dword:00000001
"ScanOrClean"=dword:00000000
"KeepDays"=dword:0000000f
"InfectBootVirus"=dword:00000000
"TotalInfected"=dword:00000005
"LastInfectedFileName"="C:\\Documents and Settings\\spc\\Desktop\\Copy of eicar.com"
"LastInfectedVirusName"="Eicar_test_file"
"LastInfectedDateTime"="3/17/2006 18:58:35"
"LastInfectedAction"="Virus successfully detected, but infected file cannot be cleaned. File was quarantined."
"SynClass"="Afx:400000:23:10027:7a100e2c:0"
"SendVL"=dword:00000000
"CanceledByUser"=dword:00000003
"PrgUpdate"=dword:00000000
"UpdateFrom"="http://officescan-p.activeupdate.trendmicro.com/activeupdate"

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW]
"AllowConfigPFW"=dword:00000000
"EnablePFW"=dword:00000001
"EnableIDS"=dword:00000000
"EnablePFWAlert"=dword:00000000
"EnableNetVirusLogReport"=dword:00000000
"LogKeepDay"=dword:00000007

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Prescheduled Scan Configuration]
"ScanBoot"=dword:00000001
"ScanCompressed"=dword:00000001
"ScanAllFiles"=dword:00000001
"ExtList"=".ACE,.ARJ,.ASP,.BAT,.BIN,.BOO,.CAB,.CHM,.CLA,.CLASS,.COM,.CSC,.DAT,.DLL,.DOC,.DOT,.DRV,.EML,.EXE,.GZ,.HLP,.HTA,.HTM,.HTML,.HTT,.INI,.JAR,.JS,.JSE,.LNK,.LZH,.MDB,.MPD,.MPP,.MPT,.MSG,.MSO,.NWS,.OCX,.OFT,.OVL,.PDF,.PHP,.PIF,.PL,.POT,.PPS,.PPT,.PRC,.RAR,.REG,.RTF,.SCR,.SHS,.SYS,.TAR,.VBE,.VBS,.VSD,.VSS,.VST,.VXD,.WML,.WSF,.XLA,.XLS,.XLT,.XML,.Z,.ZIP"
"VirusFoundAction"=dword:00000005
"MoveDir"="HTTP://svrx"
"BkUpIfClean"=dword:00000001
"CompressedLayer"=dword:00000002
"CleanFailedAction"=dword:00000004
"CleanFailedMoveDir"="HTTP://svrx"
"Frequency"=dword:00000001
"Hour"=dword:0000000c
"Minute"=dword:00000000
"DayOfMonth"=dword:00000001
"DayOfWeek"=dword:00000007
"AmPm"=dword:00000001
"Enable"=dword:00000000
"AllowCfg"=dword:00000000
"ScanRemoveable"=dword:00000001
"ScanFixedDisk"=dword:00000001
"ScanCDRom"=dword:00000001
"IntelliScan"=dword:00000001
"ActiveAction"=dword:00000000
"ScanSpyware"=dword:00000001
"PopVirusFoundAlert"=dword:00000001
"EnableExclusion"=dword:00000001
"CustAction"="Universe-3-2,Joke-2-4,Trojan-2-4,Virus-3-2,Test_Virus-0-0,Spyware-2-4,Packer-2-0,Other-3-2,"
"EnableUniAct"=dword:00000001
"ScanSpeed"=dword:00000000
"ExcludedFile"=""
"ExcludedFolder"=""
"ExcludedExt"=""
"ExcludeTrendProduct"=dword:00000001
"ZipCleanOnOff"=dword:00000000
"OleLayer"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration]
"ScanCompressed"=dword:00000001
"ScanAllFiles"=dword:00000001
"VirusFoundAction"=dword:00000005
"ScanShutDown"=dword:00000000
"ExtList"=".\"\",.ACE,.ARJ,.ASP,.BAT,.BIN,.BOO,.CAB,.CHM,.CLA,.CLASS,.COM,.CSC,.DAT,.DLL,.DOC,.DOT,.DRV,.EML,.EXE,.GZ,.HLP,.HTA,.HTM,.HTML,.HTT,.INI,.JAR,.JS,.JSE,.LNK,.LZH,.MDB,.MPD,.MPP,.MPT,.MSG,.MSO,.NWS,.OCX,.OFT,.OVL,.PDF,.PHP,.PIF,.PL,.POT,.PPS,.PPT,.PRC,.RAR,.REG,.RTF,.SCR,.SHS,.SYS,.TAR,.VBE,.VBS,.VSD,.VSS,.VST,.VXD,.WML,.WSF,.XLA,.XLS,.XLT,.XML,.Z,.ZIP,.{*"
"MoveDir"="HTTP://svrx"
"BkUpIfClean"=dword:00000001
"CompressedLayer"=dword:00000002
"CleanFailedAction"=dword:00000003
"CleanFailedMoveDir"="HTTP://svrx"
"Enable"=dword:00000001
"AllowCfg"=dword:00000000
"IntelliScan"=dword:00000001
"ActiveAction"=dword:00000000
"ScanIncoming"=dword:00000001
"ScanOutgoing"=dword:00000001
"ScanSpyware"=dword:00000001
"ScanNetwork"=dword:00000000
"PopVirusFoundAlert"=dword:00000001
"EnableExclusion"=dword:00000001
"CustAction"="Universe-3-2,Joke-2-4,Trojan-2-4,Virus-3-2,Test_Virus-0-0,Spyware-2-4,Packer-2-0,Other-3-2,"
"EnableUniAct"=dword:00000001
"ExcludedFile"=""
"ExcludedFolder"=""
"ExcludedExt"=""
"ExcludeTrendProduct"=dword:00000001
"VSApiNTHome"="C:\\Program Files\\Trend Micro\\OfficeScan Client\\"
"StartPccNtUpd"=dword:00000000
"GlobalLargeCompressedFileScanSetting"=dword:00000001
"CompressedFileCount"=dword:00000064
"MaximumExtractFileSize"=dword:00000002
"OleLayer"=dword:00000003
"ZipCleanOnOff"=dword:00000000
"WatchDogOnOff"=dword:00000001
"Desktoppath"="C:\\Documents and Settings\\spc\\Desktop"
"UserName"="spc"
"Pop3TrapFlag"=dword:00000000
"LocaleDateFmt"="M/d/yyyy"
"LocaleTimeFmt"="h:mm:ss tt"
"SpyCleanChanged"=dword:00000001
"ExcludeDatabaseFolder"=dword:00000001
"UpdateINI"=dword:00000000
"ReadAlert"=dword:00000000
"LastStatusCode"=dword:00000001
"Home Directory"="C:\\Program Files\\Trend Micro\\OfficeScan Client\\"
"Remote"=dword:00000000
"StopRemote"=dword:00000000
"PreSchedule"=dword:00000000
"StopSchedule"=dword:00000000
"RealTimeHook"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\Add PIDs]
"tmlisten"=dword:00000be0

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\Delete PIDs]

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Scan Now Configuration]
"ScanBoot"=dword:00000001
"ScanCompressed"=dword:00000001
"ScanAllFiles"=dword:00000001
"ExtList"=".ACE,.ARJ,.ASP,.BAT,.BIN,.BOO,.CAB,.CHM,.CLA,.CLASS,.COM,.CSC,.DAT,.DLL,.DOC,.DOT,.DRV,.EML,.EXE,.GZ,.HLP,.HTA,.HTM,.HTML,.HTT,.INI,.JAR,.JS,.JSE,.LNK,.LZH,.MDB,.MPD,.MPP,.MPT,.MSG,.MSO,.NWS,.OCX,.OFT,.OVL,.PDF,.PHP,.PIF,.PL,.POT,.PPS,.PPT,.PRC,.RAR,.REG,.RTF,.SCR,.SHS,.SYS,.TAR,.VBE,.VBS,.VSD,.VSS,.VST,.VXD,.WML,.WSF,.XLA,.XLS,.XLT,.XML,.Z,.ZIP"
"VirusFoundAction"=dword:00000005
"MoveDir"="HTTP://svrx"
"BkUpIfClean"=dword:00000001
"CompressedLayer"=dword:00000002
"CleanFailedAction"=dword:00000003
"CleanFailedMoveDir"="HTTP://svrx"
"Enable"=dword:00000001
"AllowCfg"=dword:00000000
"ScanRemoveable"=dword:00000001
"ScanFixedDisk"=dword:00000001
"ScanCDRom"=dword:00000001
"IntelliScan"=dword:00000001
"ActiveAction"=dword:00000000
"ScanHiddenFolder"=dword:00000000
"ScanSpyware"=dword:00000001
"EnableExclusion"=dword:00000001
"CustAction"="Universe-3-2,Joke-2-4,Trojan-2-4,Virus-3-2,Test_Virus-0-0,Spyware-2-4,Packer-2-0,Other-3-2,"
"EnableUniAct"=dword:00000001
"ScanSpeed"=dword:00000000
"ExcludedFile"=""
"ExcludedFolder"=""
"ExcludedExt"=""
"ExcludeTrendProduct"=dword:00000001
"ZipCleanOnOff"=dword:00000000
"OleLayer"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Schedule Clean]
"ScheduleCleanInterval"=dword:00003840
"LastCleanTime"=dword:4417c74a

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Schedule Update]
"ScheduleCheckGlobalSetting"=dword:00000000
"ScheduleUpdateInterval"=dword:00015180
"TimeStamp"=dword:4408faa2
"AllowScheduleUpdate"=dword:00000001
"ScheduleUpdateStartWeekday"=dword:00000007
"ScheduleUpdateStartHour"=dword:00000000
"ScheduleUpdateStartMin"=dword:00000000
"ScheduleUpdateCompletePeriod"=dword:00000e10
"EnableDisable"=dword:00000001
"ScheduledUpdateWithConfigOncePerDay"=dword:00000000
"LastUpdateConfig"=dword:01386944

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Spyware Clean]
"AdditionalThreatCleanEnable"=dword:00000001
"AdditionalThreatExclusionList"=dword:00000000
"AdditionalThreatExclusionInfo"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\TSC Status]
"Status"=dword:00000000
"VirusCount"=dword:00000000
"NeedReboot"=dword:00000000
"NeedReClean"=dword:00000000
"VerifyTSC"=dword:00000000
"RunTick"=dword:0138fb24
"Exception"=dword:00000000