- "Silent Runners.vbs", revision 63, http://www.silentrunners.org/
- Operating System: Windows 7 SP1
- Output limited to non-default values, except where indicated by "{++}"
- Startup items buried in registry:
- ---------------------------------
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
- {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "avast! WebRep"
- \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll" [null data]
- {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"
- \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
- {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
- -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
- \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
- 00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
- -> {HKLM...CLSID} = "avast"
- \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
- DropboxExt1\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
- -> {HKCU...CLSID} = "DropboxExt"
- \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
- DropboxExt2\(Default) = "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
- -> {HKCU...CLSID} = "DropboxExt"
- \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
- DropboxExt3\(Default) = "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
- -> {HKCU...CLSID} = "DropboxExt"
- \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
- DropboxExt4\(Default) = "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
- -> {HKCU...CLSID} = "DropboxExt"
- \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
- "{B41DB860-64E4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
- "{83238FAE-D346-4E12-8734-D42F7554B3E6}" = "DivX Thumbnail Provider"
- -> {HKLM...CLSID} = "DivX Thumbnail Provider"
- \InProcServer32\(Default) = "C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll" ["DivX, Inc."]
- "{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992}" = "DivX Property Handler"
- -> {HKLM...CLSID} = "DivX Property Handler"
- \InProcServer32\(Default) = "C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll" ["DivX, Inc."]
- "{872A9397-E0D6-4e28-B64D-52B8D0A7EA35}" = "Display CPL Extension"
- -> {HKLM...CLSID} = "DisplayCplExt Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll" ["Advanced Micro Devices, Inc."]
- "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
- -> {HKLM...CLSID} = "SimpleShlExt Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll" ["Advanced Micro Devices, Inc."]
- "{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
- -> {HKLM...CLSID} = "UIContextMenu Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\UltraISO\isoshl64.dll" ["EZB Systems, Inc."]
- "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}" = "Revo Uninstaller Pro Extension"
- -> {HKLM...CLSID} = "RUShellExt Class"
- \InProcServer32\(Default) = "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll" ["VS Revo Group"]
- "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
- -> {HKLM...CLSID} = (no title provided)
- \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]
- "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
- -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
- "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
- -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
- \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
- "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
- -> {HKLM...CLSID} = "avast"
- \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
- "{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
- -> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
- \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplkey.dll" [MS]
- "{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
- -> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
- \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll" [MS]
- "{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
- -> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
- \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplzm.dll" [MS]
- "{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71}" = "IntelliType Pro Touchpad Control Property Page"
- -> {HKLM...CLSID} = "IntelliType Pro Touchpad Control Property Page"
- \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcpltp.dll" [MS]
- "{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
- -> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
- \InProcServer32\(Default) = "c:\Program Files\Microsoft IntelliType Pro\itcplwir.dll" [MS]
- "{C1051DD2-472F-4B24-B47A-06769096CE34}" = "Easeus ShellFolder!"
- -> {HKLM...CLSID} = "Easeus ShellFolder!"
- \InProcServer32\(Default) = "C:\Program Files (x86)\EASEUS\Todo Backup\bin\x64\ImageSh.dll" ["CHENGDU YIWO Tech Development Co.,Ltd"]
- "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}" = "Spyware Terminator 64bit Context Menu Extension"
- -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
- \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
- HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
- <<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"
- HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
- <<!>> "BootExecute" = "autocheck autochk *"| [file not found]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
- {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"
- -> {HKLM...CLSID} = "WLIDCredentialProvider"
- \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]
- HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
- <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
- -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
- \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
- HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
- DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
- -> {HKCU...CLSID} = "DropboxExt"
- \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
- HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
- avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
- -> {HKLM...CLSID} = "avast"
- \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
- LockHunterShellExt\(Default) = "{0BB27CDA-7029-4C0E-9C56-D922B229F0EB}"
- -> {HKLM...CLSID} = "LockHunterShellExtensionHandler Class"
- \InProcServer32\(Default) = "C:\Program Files\LockHunter\LHShellExt.dll" ["TODO: <Company name>"]
- Notepad++64\(Default) = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}"
- -> {HKLM...CLSID} = "Notepad++64"
- \InProcServer32\(Default) = "C:\Program Files (x86)\Notepad++\NppShell_04.dll" [null data]
- SptContmenu64\(Default) = "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}"
- -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
- \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
- WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
- {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu"
- -> {HKLM...CLSID} = "SASContextMenu Class"
- \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL" ["SUPERAntiSpyware.com"]
- HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
- 00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
- -> {HKLM...CLSID} = "avast"
- \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
- MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
- -> {HKLM...CLSID} = "MBAMShlExt Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [file not found]
- HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
- DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
- -> {HKCU...CLSID} = "DropboxExt"
- \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
- HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
- LockHunterShellExt\(Default) = "{0BB27CDA-7029-4C0E-9C56-D922B229F0EB}"
- -> {HKLM...CLSID} = "LockHunterShellExtensionHandler Class"
- \InProcServer32\(Default) = "C:\Program Files\LockHunter\LHShellExt.dll" ["TODO: <Company name>"]
- SptContmenu64\(Default) = "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}"
- -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
- \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
- UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
- -> {HKLM...CLSID} = "UIContextMenu Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\UltraISO\isoshl64.dll" ["EZB Systems, Inc."]
- WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
- {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu"
- -> {HKLM...CLSID} = "SASContextMenu Class"
- \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL" ["SUPERAntiSpyware.com"]
- HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
- FileZilla3CopyHook\(Default) = "{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}"
- -> {HKLM...CLSID} = "FileZilla 3 Shell Extension"
- \InProcServer32\(Default) = "C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll" [null data]
- HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
- WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
- HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
- DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
- -> {HKCU...CLSID} = "DropboxExt"
- \InProcServer32\(Default) = "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll" ["Dropbox, Inc."]
- HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
- ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
- -> {HKLM...CLSID} = "SimpleShlExt Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll" ["Advanced Micro Devices, Inc."]
- HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
- avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
- -> {HKLM...CLSID} = "avast"
- \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShA64.dll" ["AVAST Software"]
- MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
- -> {HKLM...CLSID} = "MBAMShlExt Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [file not found]
- RUShellExt\(Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
- -> {HKLM...CLSID} = "RUShellExt Class"
- \InProcServer32\(Default) = "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll" ["VS Revo Group"]
- SptContmenu64\(Default) = "{1558C2A3-E0E5-4d16-89B2-7E894BD8F350}"
- -> {HKLM...CLSID} = "Spyware Terminator 64bit Context Menu Extension"
- \InProcServer32\(Default) = "C:\PROGRA~2\SPYWAR~2\SPTCON~2.DLL" [null data]
- UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
- -> {HKLM...CLSID} = "UIContextMenu Class"
- \InProcServer32\(Default) = "C:\Program Files (x86)\UltraISO\isoshl64.dll" ["EZB Systems, Inc."]
- WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
- HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
- WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"
- -> {HKLM...CLSID} = "WinRAR"
- \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
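An added example, not part of the Silent Runners report or its script: a PowerShell re-check of three of the launch points listed above (Browser Helper Objects, the LSA "Security Packages" list the report flagged with `<<!>>` for the non-default `livessp`, and Session Manager `BootExecute`). It tags each module roughly the way the report does (`[MS]`, `["Signer"]`, `[unsigned]`, `[file not found]`). Assumptions: PowerShell 3 or later running elevated on the inspected host; registry paths are the standard Windows ones and nothing is taken from the paste itself.

```powershell
# Added example, not part of the Silent Runners report or its script.
# Re-walks three launch points the report lists above and tags each module the way
# the report does: [MS], ["Signer"], [unsigned], [file not found].
# Assumptions: elevated PowerShell 3+ on the inspected host; standard Windows paths.

function Resolve-ModulePath {
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    # Strip surrounding quotes, then expand %SystemRoot%-style variables.
    [Environment]::ExpandEnvironmentVariables($Raw.Trim().Trim('"'))
}

function Get-SignerTag {
    param([string]$Path)
    if (-not $Path) { return '[no path]' }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return '[file not found]' }
    # Caveat: catalog-signed Windows components can report NotSigned on older
    # PowerShell builds; confirm those with sigcheck/signtool before calling them unsigned.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return "[unsigned: $($sig.Status)]" }
    $subject = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    if ($subject -like 'Microsoft*') { return '[MS]' }
    return "[`"$subject`"]"
}

function Get-BhoLaunchPoints {
    # Each subkey name is a CLSID; the DLL is under that CLSID's InProcServer32.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $key)) { return }
    foreach ($sub in Get-ChildItem $key) {
        $clsid = $sub.PSChildName
        $srv = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InProcServer32" -ErrorAction SilentlyContinue
        $dll = Resolve-ModulePath $srv.'(default)'
        [pscustomobject]@{ Source = 'BHO'; Entry = $clsid; Module = $dll; Tag = Get-SignerTag $dll }
    }
}

function Get-LsaSecurityPackages {
    # REG_MULTI_SZ of SSP names; LSASS loads %SystemRoot%\System32\<name>.dll at boot,
    # so an added package sees every logon's credentials. Flag anything beyond the
    # Windows 7 default set, as the report does with "livessp".
    $default = 'kerberos', 'msv1_0', 'schannel', 'wdigest', 'tspkg', 'pku2u'
    $pkgs = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa').'Security Packages'
    foreach ($name in @($pkgs)) {
        if ([string]::IsNullOrWhiteSpace($name)) { continue }
        $dll = Join-Path $env:SystemRoot "System32\$name.dll"
        $src = 'LSA'
        if ($default -notcontains $name.ToLower()) { $src = 'LSA <<!>> non-default' }
        [pscustomobject]@{ Source = $src; Entry = $name; Module = $dll; Tag = Get-SignerTag $dll }
    }
}

function Get-BootExecuteEntries {
    # Default on Windows 7: one entry, "autocheck autochk *". Smss runs these native
    # images from System32 before the Win32 subsystem exists, so extra entries matter.
    # "autocheck" and "*" are not image names; the image in the default entry is
    # autochk.exe, which is why the report's [file not found] on the default is noise.
    $entries = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager').BootExecute
    foreach ($line in @($entries)) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $tokens = $line -split '\s+' | Where-Object { $_ -and $_ -ne 'autocheck' -and $_ -ne '*' }
        foreach ($t in $tokens) {
            $exe = Join-Path $env:SystemRoot ('System32\' + ($t -replace '\.exe$', '') + '.exe')
            [pscustomobject]@{ Source = 'BootExecute'; Entry = $line; Module = $exe; Tag = Get-SignerTag $exe }
        }
    }
}

@(Get-BhoLaunchPoints) + @(Get-LsaSecurityPackages) + @(Get-BootExecuteEntries) |
    Format-Table -AutoSize
```

On a 64-bit host this reads the 64-bit view of the registry; 32-bit BHOs registered under `WOW6432Node` need a second pass with that prefix, which the report above also does not show.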
- Default executables:
- --------------------
- HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
- <<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]
- Group Policies {GPedit.msc branch and setting}:
- -----------------------------------------------
- Note: detected settings may not have any effect.
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
- "NoDrives" = (REG_DWORD) dword:0x00000000
- {unrecognized setting}
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
- "NoDrives" = (REG_DWORD) dword:0x00000000
- {unrecognized setting}
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
- "disableregistrytools" = (REG_DWORD) dword:0x00000000
- {User Configuration|Administrative Templates|System|
- Prevent access to registry editing tools}
- HKCU\Software\Policies\Microsoft\Windows\System\
- "disablecmd" = (REG_DWORD) dword:0x00000000
- {User Configuration|Administrative Templates|System|
- Prevent access to the command prompt}
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
- "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
- "EnableLUA" = (REG_DWORD) dword:0x00000000
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Run All Administrators In Admin Approval Mode}
- "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000000
- {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
- User Account Control: Switch to the secure desktop when prompting for elevation}
- "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
- {unrecognized setting}
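The three UAC values above are all 0, which the report lists without comment. As an added example (not part of the report), this PowerShell check reads those values and compares them with their Windows 7 defaults; with `EnableLUA` at 0 there are no elevation prompts at all, every process of an administrator-group user runs with a full token, and IE Protected Mode, which depends on UAC, is off too. Assumptions: PowerShell 3 or later on the inspected host; reading needs no elevation, `Repair-UacPolicy` does.

```powershell
# Added example, not part of the report. Compares the UAC values listed above with
# their Windows 7 defaults. Assumption: PowerShell 3+ on the inspected host.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 defaults. ConsentPromptBehaviorAdmin: 0 = elevate silently without
# prompting, 5 = prompt for consent for non-Windows binaries (the default).
$UacExpected = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    PromptOnSecureDesktop      = 1
}
$UacOrder = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'

function Test-UacPolicy {
    $p = Get-ItemProperty -Path $UacKey
    foreach ($name in $UacOrder) {
        $actual = $p.$name
        $state = 'ok'
        if ($actual -ne $UacExpected[$name]) { $state = 'WEAK' }
        # With EnableLUA = 0 the other two values are irrelevant: nothing prompts.
        if ($name -ne 'EnableLUA' -and $p.EnableLUA -eq 0) { $state = 'moot (UAC off)' }
        [pscustomobject]@{
            Setting  = $name
            Actual   = $actual
            Expected = $UacExpected[$name]
            State    = $state
        }
    }
}

function Repair-UacPolicy {
    # Restores the defaults. EnableLUA only takes effect after a reboot.
    foreach ($name in $UacOrder) {
        Set-ItemProperty -Path $UacKey -Name $name -Value $UacExpected[$name] -Type DWord
    }
    Write-Warning 'EnableLUA change applies at the next reboot.'
}

Test-UacPolicy | Format-Table -AutoSize
```

Against the values shown above, every row comes back `WEAK` or `moot (UAC off)`; the same key also holds `ConsentPromptBehaviorUser` and `EnableInstallerDetection`, which the report did not list because they were at their defaults.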
- Active Desktop and Wallpaper:
- -----------------------------
- Active Desktop may be disabled at this entry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
- Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
- HKCU\Control Panel\Desktop\
- "Wallpaper" = "C:\Users\Freestyle Dust\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"
- Windows Portable Device AutoPlay Handlers
- -----------------------------------------
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
- MSLivePhotoAcquireDropHandler\
- "Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
- "InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
- "InvokeVerb" = "open"
- HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
- -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
- \InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]
- MSLiveShowPicturesOnArrival\
- "Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
- "InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
- "InvokeVerb" = "open"
- HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
- -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
- \InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS]
- MSPlayCDAudioOnArrival\
- "Provider" = "@wmploc.dll,-6502"
- "InvokeProgID" = "WMP.AudioCD"
- "InvokeVerb" = "play"
- HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]
- MSPlayDVDMovieOnArrival\
- "Provider" = "@wmploc.dll,-6502"
- "InvokeProgID" = "WMP.DVD"
- "InvokeVerb" = "play"
- HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]
- MSPlaySuperVideoCDMovieOnArrival\
- "Provider" = "@wmploc.dll,-6502"
- "InvokeProgID" = "WMP.VCD"
- "InvokeVerb" = "play"
- HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]
- MSPlayVideoCDMovieOnArrival\
- "Provider" = "@wmploc.dll,-6502"
- "InvokeProgID" = "WMP.VCD"
- "InvokeVerb" = "play"
- HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]
- MSWMPBurnCDOnArrival\
- "Provider" = "@wmploc.dll,-6502"
- "InvokeProgID" = "WMP.BurnCD"
- "InvokeVerb" = "Burn"
- HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS]
- WIA_{F1B46CDD-0438-49B4-96C4-2AEBFE1D6621}\
- "Provider" = "Microsoft Office Word"
- "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
- "InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;"
- -> {HKLM...CLSID} = "WPDShextAutoplay"
- \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]
- Startup items in "Freestyle Dust" & "All Users" startup folders:
- ----------------------------------------------------------------
- C:\Users\Freestyle Dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- "Dropbox" -> shortcut to: "C:\Users\Freestyle Dust\AppData\Roaming\Dropbox\bin\Dropbox.exe" ["Dropbox, Inc."]
- Windows Sidebar Gadgets:
- ------------------------
- C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
- "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"
- Non-disabled Scheduled Tasks:
- -----------------------------
- C:\Windows\System32\Tasks
- "Microsoft_Hardware_Launch_IType_exe" -> (HIDDEN!) launches: "c:\Program Files\Microsoft IntelliType Pro\IType.exe" [MS]
- "User_Feed_Synchronization-{2356A7FA-44A5-4580-9A43-2B84F3A19DC3}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
- "AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
- -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
- \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
- "AitAgent" -> launches: "aitagent" [MS]
- "ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
- "Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
- "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
- "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
- -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
- \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
- "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
- -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
- \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
- "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
- "KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
- -> {HKLM...CLSID} = "KernelCeipCustomHandler"
- \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
- "UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
- -> {HKLM...CLSID} = "UsbCeip"
- \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
- "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
- "Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
- -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
- \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Location
- "Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
- "WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
- -> {HKLM...CLSID} = "WinSAT Task Manger Task"
- \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
- "ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
- "ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
- "DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
- "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
- "InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
- "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
- "MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
- "ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
- "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
- "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
- "PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
- "PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
- "PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
- "PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
- "PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
- "RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
- "ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
- "SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
- "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
- "CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
- -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
- \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
- "DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
- -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
- \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
- "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
- -> {HKLM...CLSID} = "HotStart User Agent"
- \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\MUI
- "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
- "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
- -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
- \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
- "AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\RAC
- "RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
- -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
- \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Ras
- "MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
- -> {HKLM...CLSID} = "RasMobilityManager"
- \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Registry
- "RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
- -> {HKLM...CLSID} = "RegistryIdleBackupHandler"
- \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
- "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
- "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
- -> {HKLM...CLSID} = "GadgetsManager Class"
- \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
- "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
- "Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
- -> {HKLM...CLSID} = "RunTask"
- \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
- "IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
- "IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
- "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
- -> {HKLM...CLSID} = "MsCtfMonitor task handler"
- \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
- "SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
- "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\WDI
- "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
- -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
- \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
- "ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]
- "ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
- "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
- "BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]
- C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
- "ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]
- C:\Windows\System32\Tasks\WPD
- "SqmUpload_S-1-5-21-2605978935-3684104221-935809672-1001" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]
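The report marks some tasks `(HIDDEN!)` and resolves tasks that launch a bare CLSID to the DLL behind it (for example `RegIdleBackup` to `regidle.dll`). As an added example, not part of the report or the Silent Runners script, this PowerShell function does the same walk through the Schedule.Service COM API, which exists on Windows 7 (the `Get-ScheduledTask` cmdlets do not). Assumptions: PowerShell 3 or later, run as an administrator so every task folder is visible; the constants are the documented Task Scheduler enumeration values.

```powershell
# Added example, not part of the report or the Silent Runners script. Enumerates
# non-disabled scheduled tasks, hidden ones included, and resolves ComHandler
# actions to the in-process DLL registered for their CLSID.
# Assumption: PowerShell 3+, run elevated on the inspected host.

$TASK_ENUM_HIDDEN        = 1   # ITaskFolder.GetTasks flag
$TASK_ACTION_EXEC        = 0   # IExecAction
$TASK_ACTION_COM_HANDLER = 5   # IComHandlerAction
$TASK_STATE_DISABLED     = 1   # IRegisteredTask.State

function Get-ComHandlerModule {
    param([string]$ClassId)
    $srv = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$ClassId\InProcServer32" -ErrorAction SilentlyContinue
    if ($srv) { return [Environment]::ExpandEnvironmentVariables($srv.'(default)') }
    return $null   # no InProcServer32: out-of-process handler or a dangling CLSID
}

function Get-TaskLaunchPoints {
    param([string]$Root = '\')
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue($svc.GetFolder($Root))
    while ($queue.Count -gt 0) {
        $folder = $queue.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $queue.Enqueue($sub) }
        foreach ($task in $folder.GetTasks($TASK_ENUM_HIDDEN)) {
            if ($task.State -eq $TASK_STATE_DISABLED) { continue }
            $def = $task.Definition
            foreach ($action in $def.Actions) {
                $module = $null
                $detail = "action type $($action.Type)"
                if ($action.Type -eq $TASK_ACTION_EXEC) {
                    $module = [Environment]::ExpandEnvironmentVariables($action.Path)
                    $detail = $action.Arguments
                }
                elseif ($action.Type -eq $TASK_ACTION_COM_HANDLER) {
                    $module = Get-ComHandlerModule $action.ClassId
                    $detail = "CLSID $($action.ClassId)"
                }
                # Bare names such as "aitagent" are found through the PATH; only
                # rooted paths are checked for existence here.
                $exists = $null
                if ($module -and [IO.Path]::IsPathRooted($module)) {
                    $exists = Test-Path -LiteralPath $module
                }
                [pscustomobject]@{
                    Task   = $task.Path
                    Hidden = [bool]$def.Settings.Hidden
                    RunAs  = $def.Principal.UserId
                    Module = $module
                    Exists = $exists
                    Detail = $detail
                }
            }
        }
    }
}

# Hidden tasks first; a non-Microsoft, missing, or user-writable Module is what to chase.
Get-TaskLaunchPoints | Sort-Object Hidden -Descending | Format-Table -AutoSize
```

Pipe the output through `Get-AuthenticodeSignature` on the `Module` column to reproduce the report's `[MS]` tags; a task whose principal is `SYSTEM` and whose module sits in a user-writable directory is the combination worth treating as a finding.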
- Winsock2 Service Provider DLLs:
- -------------------------------
- Namespace Service Providers
- HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
- 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
- 000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
- 000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
- 000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
- 000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
- 000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
- 000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
- 000000000008\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
- 000000000009\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
- Transport Service Providers
- HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
- 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
- %SystemRoot%\system32\mswsock.dll [MS], 01 - 11
- Toolbars, Explorer Bars, Extensions:
- ------------------------------------
- Toolbars
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
- "{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}" = (no title provided)
- -> {HKLM...CLSID} = "avast! WebRep"
- \InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll" [null data]
- Running Services (Display Name, Service Name, Path {Service DLL}):
- ------------------------------------------------------------------
- Adobe Acrobat Update Service, AdobeARMservice, ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"" ["Adobe Systems Incorporated"]
- AMD External Events Utility, AMD External Events Utility, "C:\Windows\system32\atiesrxx.exe" ["AMD"]
- AMD FUEL Service, AMD FUEL Service, "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService" ["Advanced Micro Devices, Inc."]
- Apache2.2, Apache2.2, ""c:\xampp\apache\bin\httpd.exe" -k runservice" ["Apache Software Foundation"]
- avast! Antivirus, avast! Antivirus, ""C:\Program Files\AVAST Software\Avast\AvastSvc.exe"" ["AVAST Software"]
- EASEUS Agent, EASEUS Agent, "C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe" ["CHENGDU YIWO Tech Development Co., Ltd"]
- mysql, mysql, "c:\xampp\mysql\bin\mysqld.exe --defaults-file=c:\xampp\mysql\bin\my.ini mysql" [null data]
- PC Tools Firewall Plus, PCToolsFirewallPlus, "C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe" ["PC Tools"]
- SAS Core Service, !SASCORE, ""C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"" ["SUPERAntiSpyware.com"]
- Spyware Terminator Realtime Shield Service, sp_rssrv, ""C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]
- Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
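The report prints each service's ImagePath inside quotes, so an ImagePath that is itself quoted appears with doubled quotes (`""C:\Program Files\...""`), while the EASEUS, AMD FUEL and PC Tools lines above show a path with spaces and no inner quotes. That pattern is what the classic unquoted-service-path check looks for; whether any of them is exploitable depends on directory ACLs, which the report does not capture. As an added example, not part of the report, this PowerShell check lists, for every unquoted service image with spaces, the intermediate paths the service control manager would try and whether a broad group can create files in each directory. Assumptions: PowerShell 3 or later on the inspected host; `Win32_Service` via `Get-WmiObject`, which is present on Windows 7.

```powershell
# Added example, not part of the report. Finds services whose unquoted ImagePath
# contains spaces and checks whether any prefix directory is writable by a broad
# group. Assumption: PowerShell 3+ on the inspected host.

function Get-UnquotedServicePaths {
    # Groups whose write access makes a prefix directory attacker-controllable.
    $broadGroups = 'Everyone', 'BUILTIN\Users',
                   'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'
    $CREATE_FILES  = 0x2          # FILE_WRITE_DATA / CreateFiles
    $GENERIC_WRITE = 0x40000000
    $GENERIC_ALL   = 0x10000000

    foreach ($s in Get-WmiObject -Class Win32_Service) {
        $raw = $s.PathName
        if ([string]::IsNullOrWhiteSpace($raw) -or $raw.StartsWith('"')) { continue }
        # Image path is everything up to the first ".exe"; the rest are arguments.
        $m = [regex]::Match($raw, '^(?<img>.+?\.exe)', 'IgnoreCase')
        if (-not $m.Success) { continue }
        $image = [Environment]::ExpandEnvironmentVariables($m.Groups['img'].Value)
        if ($image -notmatch ' ') { continue }

        # CreateProcess tries each space-delimited prefix in turn: C:\Program.exe,
        # then "C:\Program Files\ATI.exe", ... before reaching the real image.
        $parts = $image -split ' '
        $candidates = for ($i = 1; $i -lt $parts.Count; $i++) {
            ($parts[0..($i - 1)] -join ' ') + '.exe'
        }
        foreach ($c in $candidates) {
            $dir = Split-Path -Parent $c
            $writable = $false
            if (Test-Path -LiteralPath $dir) {
                foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
                    if ($ace.AccessControlType -ne 'Allow') { continue }
                    if ($broadGroups -notcontains $ace.IdentityReference.Value) { continue }
                    $rights = [int]$ace.FileSystemRights
                    if (($rights -band $CREATE_FILES) -or ($rights -band $GENERIC_WRITE) -or
                        ($rights -band $GENERIC_ALL)) { $writable = $true }
                }
            }
            [pscustomobject]@{
                Service     = $s.Name
                RunsAs      = $s.StartName
                Candidate   = $c
                DirWritable = $writable
                Planted     = (Test-Path -LiteralPath $c)
            }
        }
    }
}

Get-UnquotedServicePaths | Format-Table -AutoSize
```

A row with `DirWritable` true and `RunsAs` of `LocalSystem` is a local privilege escalation path; `Planted` true means a file already sits at an intermediate path and should be examined. The fix is to quote the ImagePath, for example with `sc.exe config <name> binPath= "\"C:\Program Files\...\svc.exe\""`.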
- Safe Mode Drivers & Services (subkey name, subkey default value):
- -----------------------------------------------------------------
- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
- <<!>> !SASCORE, (null value)
- HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
- <<!>> !SASCORE, (null value)
- <<!>> hitmanpro35, (null value)
- <<!>> hitmanpro35.sys, (null value)
- <<!>> HitmanPro35Crusader, (null value)
- ---------- (launch time: 2011-07-29 23:54:02)
- <<!>>: Suspicious data at a malware launch point.
- + This report excludes default entries except where indicated.
- + To see *everywhere* the script checks and *everything* it finds,
- launch it from a command prompt or a shortcut with the -all parameter.
- + To search all directories of local fixed drives for DESKTOP.INI
- DLL launch points, use the -supp parameter or answer "No" at the
- first message box and "Yes" at the second message box.
- ---------- (total run time: 80 seconds, including 34 seconds for message boxes)