Jaymie1989

Untitled

Jul 29th, 2011
  1. "Silent Runners.vbs", revision 63, http://www.silentrunners.org/
  2. Operating System: Windows 7 SP1
  3. Output limited to non-default values, except where indicated by "{++}"
  4.  
  5.  
  6. Startup items buried in registry:
  7. ---------------------------------
  8.  
  9. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
  10.  
  11. {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
  12. -> {HKLM...CLSID} = "avast! WebRep"
  13. \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll" [null data]
  14.  
  15. {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  16. -> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"
  17. \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
  18.  
  19. {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  20. -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
  21. \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
  22.  
  23. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
  24.  
  25. 00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  26. -> {HKLM...CLSID} = "avast"
  27. \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
  28.  
  29. DropboxExt1\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  30. -> {HKCU...CLSID} = "DropboxExt"
  31. \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
  32.  
  33. DropboxExt2\(Default) = "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  34. -> {HKCU...CLSID} = "DropboxExt"
  35. \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
  36.  
  37. DropboxExt3\(Default) = "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  38. -> {HKCU...CLSID} = "DropboxExt"
  39. \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
  40.  
  41. DropboxExt4\(Default) = "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  42. -> {HKCU...CLSID} = "DropboxExt"
  43. \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
  44.  
  45. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
  46.  
  47. "{B41DB860-64E4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  48. -> {HKLM...CLSID} = "WinRAR"
  49. \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
  50.  
  51. "{83238FAE-D346-4E12-8734-D42F7554B3E6}" = "DivX Thumbnail Provider"
  52. -> {HKLM...CLSID} = "DivX Thumbnail Provider"
  53. \InProcServer32\(Default) = "C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll" ["DivX, Inc."]
  54.  
  55. "{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992}" = "DivX Property Handler"
  56. -> {HKLM...CLSID} = "DivX Property Handler"
  57. \InProcServer32\(Default) = "C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll" ["DivX, Inc."]
  58.  
  59. "{872A9397-E0D6-4e28-B64D-52B8D0A7EA35}" = "Display CPL Extension"
  60. -> {HKLM...CLSID} = "DisplayCplExt Class"
  61. \InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll" ["Advanced Micro Devices, Inc."]
  62.  
  63. "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  64. -> {HKLM...CLSID} = "SimpleShlExt Class"
  65. \InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll" ["Advanced Micro Devices, Inc."]
  66.  
  67. "{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
  68. -> {HKLM...CLSID} = "UIContextMenu Class"
  69. \InProcServer32\(Default) = "C:\Program Files (x86)\UltraISO\isoshl64.dll" ["EZB Systems, Inc."]
  70.  
  71. "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}" = "Revo Uninstaller Pro Extension"
  72. -> {HKLM...CLSID} = "RUShellExt Class"
  73. \InProcServer32\(Default) = "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll" ["VS Revo Group"]
  74.  
  75. "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  76. -> {HKLM...CLSID} = (no title provided)
  77. \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]
  78.  
  79. "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  80. -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
  81. \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
  82.  
  83. "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  84. -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
  85. \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
  86.  
  87. "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  88. -> {HKLM...CLSID} = "avast"
  89. \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
  90.  
  91. "{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
  92. -> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
  93. \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplkey.dll" [MS]
  94.  
  95. "{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
  96. -> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
  97. \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll" [MS]
  98.  
  99. "{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
  100. -> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
  101. \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplzm.dll" [MS]
  102.  
  103. "{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71}" = "IntelliType Pro Touchpad Control Property Page"
  104. -> {HKLM...CLSID} = "IntelliType Pro Touchpad Control Property Page"
  105. \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcpltp.dll" [MS]
  106.  
  107. "{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
  108. -> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
  109. \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplwir.dll" [MS]
  110.  
  111. "{C1051DD2-472F-4B24-B47A-06769096CE34}" = "Easeus ShellFolder!"
  112. -> {HKLM...CLSID} = "Easeus ShellFolder!"
  113. \InProcServer32\(Default) = "C:\Program Files (x86)\EASEUS\Todo Backup\bin\x64\ImageSh.dll" ["CHENGDU YIWO Tech Development Co.,Ltd"]
  114.  
  115. "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}" = "Spyware Terminator 64bit Context Menu Extension"
  116. -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
  117. \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
  118.  
  119. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
  120. <<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"
  121.  
  122. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
  123. <<!>> "BootExecute" = "autocheck autochk *"| [file not found]
  124.  
  125. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
  126.  
  127. {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"
  128. -> {HKLM...CLSID} = "WLIDCredentialProvider"
  129. \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]
  130.  
  131. HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
  132.  
  133. <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  134. -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
  135. \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
  136.  
  137. HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
  138.  
  139. DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  140. -> {HKCU...CLSID} = "DropboxExt"
  141. \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
  142.  
  143. HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
  144.  
  145. avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  146. -> {HKLM...CLSID} = "avast"
  147. \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
  148.  
  149. LockHunterShellExt\(Default) = "{0BB27CDA-7029-4C0E-9C56-D922B229F0EB}"
  150. -> {HKLM...CLSID} = "LockHunterShellExtensionHandler Class"
  151. \InProcServer32\(Default) = "C:\Program Files\LockHunter\LHShellExt.dll" ["TODO: <Company name>"]
  152.  
  153. Notepad++64\(Default) = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}"
  154. -> {HKLM...CLSID} = "Notepad++64"
  155. \InProcServer32\(Default) = "C:\Program Files (x86)\Notepad++\NppShell_04.dll" [null data]
  156.  
  157. SptContmenu64\(Default) = "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}"
  158. -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
  159. \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
  160.  
  161. WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  162. -> {HKLM...CLSID} = "WinRAR"
  163. \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
  164.  
  165. {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu"
  166. -> {HKLM...CLSID} = "SASContextMenu Class"
  167. \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL" ["SUPERAntiSpyware.com"]
  168.  
  169. HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
  170.  
  171. 00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  172. -> {HKLM...CLSID} = "avast"
  173. \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
  174.  
  175. MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  176. -> {HKLM...CLSID} = "MBAMShlExt Class"
  177. \InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [file not found]
  178.  
  179. HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
  180.  
  181. DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  182. -> {HKCU...CLSID} = "DropboxExt"
  183. \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
  184.  
  185. HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
  186.  
  187. LockHunterShellExt\(Default) = "{0BB27CDA-7029-4C0E-9C56-D922B229F0EB}"
  188. -> {HKLM...CLSID} = "LockHunterShellExtensionHandler Class"
  189. \InProcServer32\(Default) = "C:\Program Files\LockHunter\LHShellExt.dll" ["TODO: <Company name>"]
  190.  
  191. SptContmenu64\(Default) = "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}"
  192. -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
  193. \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
  194.  
  195. UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  196. -> {HKLM...CLSID} = "UIContextMenu Class"
  197. \InProcServer32\(Default) = "C:\Program Files (x86)\UltraISO\isoshl64.dll" ["EZB Systems, Inc."]
  198.  
  199. WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  200. -> {HKLM...CLSID} = "WinRAR"
  201. \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
  202.  
  203. {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu"
  204. -> {HKLM...CLSID} = "SASContextMenu Class"
  205. \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL" ["SUPERAntiSpyware.com"]
  206.  
  207. HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
  208.  
  209. FileZilla3CopyHook\(Default) = "{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}"
  210. -> {HKLM...CLSID} = "FileZilla 3 Shell Extension"
  211. \InProcServer32\(Default) = "C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll" [null data]
  212.  
  213. HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
  214.  
  215. WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  216. -> {HKLM...CLSID} = "WinRAR"
  217. \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
  218.  
  219. HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
  220.  
  221. DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  222. -> {HKCU...CLSID} = "DropboxExt"
  223. \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
  224.  
  225. HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
  226.  
  227. ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
  228. -> {HKLM...CLSID} = "SimpleShlExt Class"
  229. \InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll" ["Advanced Micro Devices, Inc."]
  230.  
  231. HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
  232.  
  233. avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  234. -> {HKLM...CLSID} = "avast"
  235. \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
  236.  
  237. MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  238. -> {HKLM...CLSID} = "MBAMShlExt Class"
  239. \InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [file not found]
  240.  
  241. RUShellExt\(Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
  242. -> {HKLM...CLSID} = "RUShellExt Class"
  243. \InProcServer32\(Default) = "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll" ["VS Revo Group"]
  244.  
  245. SptContmenu64\(Default) = "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}"
  246. -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
  247. \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
  248.  
  249. UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  250. -> {HKLM...CLSID} = "UIContextMenu Class"
  251. \InProcServer32\(Default) = "C:\Program Files (x86)\UltraISO\isoshl64.dll" ["EZB Systems, Inc."]
  252.  
  253. WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  254. -> {HKLM...CLSID} = "WinRAR"
  255. \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
  256.  
  257. HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
  258.  
  259. WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
  260. -> {HKLM...CLSID} = "WinRAR"
  261. \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
  262.  
  263.  
  264. Default executables:
  265. --------------------
  266.  
  267. HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
  268. <<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]
  269.  
  270.  
  271. Group Policies {GPedit.msc branch and setting}:
  272. -----------------------------------------------
  273.  
  274. Note: detected settings may not have any effect.
  275.  
  276. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
  277.  
  278. "NoDrives" = (REG_DWORD) dword:0x00000000
  279. {unrecognized setting}
  280.  
  281. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
  282.  
  283. "NoDrives" = (REG_DWORD) dword:0x00000000
  284. {unrecognized setting}
  285.  
  286. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
  287.  
  288. "disableregistrytools" = (REG_DWORD) dword:0x00000000
  289. {User Configuration|Administrative Templates|System|
  290. Prevent access to registry editing tools}
  291.  
  292. HKCU\Software\Policies\Microsoft\Windows\System\
  293.  
  294. "disablecmd" = (REG_DWORD) dword:0x00000000
  295. {User Configuration|Administrative Templates|System|
  296. Prevent access to the command prompt}
  297.  
  298. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
  299.  
  300. "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000
  301. {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  302. User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
  303.  
  304. "EnableLUA" = (REG_DWORD) dword:0x00000000
  305. {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  306. User Account Control: Run All Administrators In Admin Approval Mode}
  307.  
  308. "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000000
  309. {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  310. User Account Control: Switch to the secure desktop when prompting for elevation}
  311.  
  312. "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
  313. {unrecognized setting}
  314.  
  315.  
  316. Active Desktop and Wallpaper:
  317. -----------------------------
  318.  
  319. Active Desktop may be disabled at this entry:
  320. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
  321.  
  322. Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
  323. HKCU\Control Panel\Desktop\
  324. "Wallpaper" = "C:\Users\Freestyle Dust\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"
  325.  
  326.  
  327. Windows Portable Device AutoPlay Handlers
  328. -----------------------------------------
  329.  
  330. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
  331.  
  332. MSLivePhotoAcquireDropHandler\
  333. "Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
  334. "InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
  335. "InvokeVerb" = "open"
  336. HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
  337. -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
  338. \InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]
  339.  
  340. MSLiveShowPicturesOnArrival\
  341. "Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
  342. "InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
  343. "InvokeVerb" = "open"
  344. HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
  345. -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
  346. \InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]
  347.  
  348. MSPlayCDAudioOnArrival\
  349. "Provider" = "@wmploc.dll,-6502"
  350. "InvokeProgID" = "WMP.AudioCD"
  351. "InvokeVerb" = "play"
  352. HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]
  353.  
  354. MSPlayDVDMovieOnArrival\
  355. "Provider" = "@wmploc.dll,-6502"
  356. "InvokeProgID" = "WMP.DVD"
  357. "InvokeVerb" = "play"
  358. HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]
  359.  
  360. MSPlaySuperVideoCDMovieOnArrival\
  361. "Provider" = "@wmploc.dll,-6502"
  362. "InvokeProgID" = "WMP.VCD"
  363. "InvokeVerb" = "play"
  364. HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]
  365.  
  366. MSPlayVideoCDMovieOnArrival\
  367. "Provider" = "@wmploc.dll,-6502"
  368. "InvokeProgID" = "WMP.VCD"
  369. "InvokeVerb" = "play"
  370. HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]
  371.  
  372. MSWMPBurnCDOnArrival\
  373. "Provider" = "@wmploc.dll,-6502"
  374. "InvokeProgID" = "WMP.BurnCD"
  375. "InvokeVerb" = "Burn"
  376. HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS]
  377.  
  378. WIA_{F1B46CDD-0438-49B4-96C4-2AEBFE1D6621}\
  379. "Provider" = "Microsoft Office Word"
  380. "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
  381. "InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;"
  382. -> {HKLM...CLSID} = "WPDShextAutoplay"
  383. \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]
  384.  
  385.  
  386. Startup items in "Freestyle Dust" & "All Users" startup folders:
  387. ----------------------------------------------------------------
  388.  
  389. C:\Users\Freestyle Dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  390. "Dropbox" -> shortcut to: "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\Dropbox.exe" ["Dropbox, Inc."]
  391.  
  392.  
  393. Windows Sidebar Gadgets:
  394. ------------------------
  395.  
  396. C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
  397. "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"
  398.  
  399.  
  400. Non-disabled Scheduled Tasks:
  401. -----------------------------
  402.  
  403. C:\Windows\System32\Tasks
  404. "Microsoft_Hardware_Launch_IType_exe" -> (HIDDEN!) launches: "c:\Program Files\Microsoft IntelliType Pro\IType.exe" [MS]
  405. "User_Feed_Synchronization-{2356A7FA-44A5-4580-9A43-2B84F3A19DC3}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
  406.  
  407. C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
  408. "AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
  409. -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
  410. \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]
  411.  
  412. C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
  413. "AitAgent" -> launches: "aitagent" [MS]
  414. "ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]
  415.  
  416. C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
  417. "Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]
  418.  
  419. C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
  420. "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]
  421.  
  422. C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
  423. "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  424. -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
  425. \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
  426. "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  427. -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
  428. \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
  429.  
  430. C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
  431. "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
  432. "KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
  433. -> {HKLM...CLSID} = "KernelCeipCustomHandler"
  434. \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
  435. "UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
  436. -> {HKLM...CLSID} = "UsbCeip"
  437. \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]
  438.  
  439. C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
  440. "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
  441.  
  442. C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
  443. "Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
  444. -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
  445. \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]
  446.  
  447. C:\Windows\System32\Tasks\Microsoft\Windows\Location
  448. "Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]
  449.  
  450. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
  451. "WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
  452. -> {HKLM...CLSID} = "WinSAT Task Manger Task"
  453. \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]
  454.  
  455. C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
  456. "ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
  457. "ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
  458. "DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
  459. "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
  460. "InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
  461. "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
  462. "MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
  463. "ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
  464. "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
  465. "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
  466. "PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
  467. "PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
  468. "PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
  469. "PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
  470. "PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
  471. "RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
  472. "ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
  473. "SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
  474. "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]
  475.  
  476. C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
  477. "CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
  478. -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
  479. \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
  480. "DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
  481. -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
  482. \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
  483.  
  484. C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
  485. "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
  486. -> {HKLM...CLSID} = "HotStart User Agent"
  487. \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
  488.  
  489. C:\Windows\System32\Tasks\Microsoft\Windows\MUI
  490. "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
  491.  
  492. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
  493. "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
  494. -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
  495. \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]
  496.  
  497. C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
  498. "AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]
  499.  
  500. C:\Windows\System32\Tasks\Microsoft\Windows\RAC
  501. "RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
  502. -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
  503. \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]
  504.  
  505. C:\Windows\System32\Tasks\Microsoft\Windows\Ras
  506. "MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
  507. -> {HKLM...CLSID} = "RasMobilityManager"
  508. \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]
  509.  
  510. C:\Windows\System32\Tasks\Microsoft\Windows\Registry
  511. "RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
  512. -> {HKLM...CLSID} = "RegistryIdleBackupHandler"
  513. \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]
  514.  
  515. C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
  516. "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]
  517.  
  518. C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
  519. "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
  520. -> {HKLM...CLSID} = "GadgetsManager Class"
  521. \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
  522.  
  523. C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
  524. "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]
  525.  
  526. C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
  527. "Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
  528. -> {HKLM...CLSID} = "RunTask"
  529. \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]
  530.  
  531. C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
  532. "IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
  533. "IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
  534.  
  535. C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
  536. "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
  537. -> {HKLM...CLSID} = "MsCtfMonitor task handler"
  538. \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]
  539.  
  540. C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
  541. "SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]
  542.  
  543. C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
  544. "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]
  545.  
  546. C:\Windows\System32\Tasks\Microsoft\Windows\WDI
  547. "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
  548. -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
  549. \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]
  550.  
  551. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
  552. "ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]
  553. "ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]
  554.  
  555. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
  556. "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]
  557.  
  558. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
  559. "BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]
  560.  
  561. C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
  562. "ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]
  563.  
  564. C:\Windows\System32\Tasks\WPD
  565. "SqmUpload_S-1-5-21-2605978935-3684104221-935809672-1001" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]
  566.  
  567.  
  568. Winsock2 Service Provider DLLs:
  569. -------------------------------
  570.  
  571. Namespace Service Providers
  572.  
  573. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  574. 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
  575. 000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
  576. 000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
  577. 000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
  578. 000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
  579. 000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
  580. 000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
  581. 000000000008\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
  582. 000000000009\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
  583.  
  584. Transport Service Providers
  585.  
  586. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  587. 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  588. %SystemRoot%\system32\mswsock.dll [MS], 01 - 11
  589.  
  590.  
  591. Toolbars, Explorer Bars, Extensions:
  592. ------------------------------------
  593.  
  594. Toolbars
  595.  
  596. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
  597. "{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}" = (no title provided)
  598. -> {HKLM...CLSID} = "avast! WebRep"
  599. \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll" [null data]
  600.  
  601.  
  602. Running Services (Display Name, Service Name, Path {Service DLL}):
  603. ------------------------------------------------------------------
  604.  
  605. Adobe Acrobat Update Service, AdobeARMservice, ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"" ["Adobe Systems Incorporated"]
  606. AMD External Events Utility, AMD External Events Utility, "C:\Windows\system32\atiesrxx.exe" ["AMD"]
  607. AMD FUEL Service, AMD FUEL Service, "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService" ["Advanced Micro Devices, Inc."]
  608. Apache2.2, Apache2.2, ""c:\xampp\apache\bin\httpd.exe" -k runservice" ["Apache Software Foundation"]
  609. avast! Antivirus, avast! Antivirus, ""C:\Program Files\AVAST Software\Avast\AvastSvc.exe"" ["AVAST Software"]
  610. EASEUS Agent, EASEUS Agent, "C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe" ["CHENGDU YIWO Tech Development Co., Ltd"]
  611. mysql, mysql, "c:\xampp\mysql\bin\mysqld.exe --defaults-file=c:\xampp\mysql\bin\my.ini mysql" [null data]
  612. PC Tools Firewall Plus, PCToolsFirewallPlus, "C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe" ["PC Tools"]
  613. SAS Core Service, !SASCORE, ""C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"" ["SUPERAntiSpyware.com"]
  614. Spyware Terminator Realtime Shield Service, sp_rssrv, ""C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]
  615. Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
  616.  
  617.  
  618. Safe Mode Drivers & Services (subkey name, subkey default value):
  619. -----------------------------------------------------------------
  620.  
  621. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
  622.  
  623. <<!>> !SASCORE, (null value)
  624.  
  625. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
  626.  
  627. <<!>> !SASCORE, (null value)
  628. <<!>> hitmanpro35, (null value)
  629. <<!>> hitmanpro35.sys, (null value)
  630. <<!>> HitmanPro35Crusader, (null value)
  631.  
  632.  
  633. ---------- (launch time: 2011-07-29 23:54:02)
  634. <<!>>: Suspicious data at a malware launch point.
  635.  
  636. + This report excludes default entries except where indicated.
  637. + To see *everywhere* the script checks and *everything* it finds,
  638. launch it from a command prompt or a shortcut with the -all parameter.
  639. + To search all directories of local fixed drives for DESKTOP.INI
  640. DLL launch points, use the -supp parameter or answer "No" at the
  641. first message box and "Yes" at the second message box.
  642. ---------- (total run time: 80 seconds, including 34 seconds for message boxes)