API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 24th, 2017
808
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 57.79 KB | None | 0 0
raw download clone embed print report
  1. "Silent Runners.vbs", revision 71, http://www.silentrunners.org/
  2. Operating System: Microsoft Windows 10 Pro (64-bit), Version 1703
  3. Output limited to non-default values, except where indicated by "{++}"
  4.  
  5.  
  6. Startup items buried in registry:
  7. ---------------------------------
  8.  
  9. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
  10. OneDrive = "C:\Users\bgrze\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [MS]
  11. f.lux = "C:\Users\bgrze\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow [Flux Software LLC]
  12. Steam = "D:\Steam\steam.exe" -silent [Valve Corporation]
  13. Discord = C:\Users\bgrze\AppData\Local\Discord\app-0.0.298\Discord.exe [Discord Inc.]
  14. CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd]
  15. GalaxyClient = D:\Gry\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart [GOG.com]
  16. MiPhoneManager = "C:\Users\bgrze\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe" [null data]
  17.  
  18. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  19. SecurityHealth = C:\Program Files\Windows Defender\MSASCuiL.exe
  20. RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [Realtek Semiconductor]
  21. AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [Adobe Systems Incorporated]
  22. XboxStat = "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [MS]
  23. AdAwareTray = "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe" [adaware]
  24.  
  25. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
  26. Immunet Protect = "C:\Program Files\Immunet\6.0.6\iptray.exe" [Immunet]
  27. Razer Imperator Driver = C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [Razer USA Ltd]
  28. LogMeIn Hamachi Ui = "D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start [LogMeIn Inc.]
  29.  
  30. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
  31.  
  32. OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
  33. -> {HKCU...CLSID} = ReadOnlyOverlayHandler Class
  34. \InProcServer32\(Default) = C:\Users\bgrze\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll [MS]
  35.  
  36. EldosIconOverlay-cbfs6\(Default) = {384C8B1A-AA4E-4EBB-BF07-375123BDCCCD}
  37. -> {HKLM...CLSID} = VSMntNtfOverlayIcon Class
  38. \InProcServer32\(Default) = C:\WINDOWS\system32\cbfsMntNtf6.dll [/n software, Inc.]
  39.  
  40. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
  41.  
  42. OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
  43. -> {HKCU...Wow...CLSID} = ReadOnlyOverlayHandler Class
  44. \InProcServer32\(Default) = C:\Users\bgrze\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncShell.dll [MS]
  45.  
  46. EldosIconOverlay-cbfs6\(Default) = {384C8B1A-AA4E-4EBB-BF07-375123BDCCCD}
  47. -> {HKLM...Wow...CLSID} = VSMntNtfOverlayIcon Class
  48. \InProcServer32\(Default) = C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [/n software, Inc.]
  49.  
  50. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\
  51.  
  52. {29719B01-1E78-4989-A847-FE24ECE23992}
  53. -> {HKLM...CLSID} = Virtual Storage Mount Notification
  54. \InProcServer32\(Default) = C:\WINDOWS\system32\cbfsMntNtf6.dll [/n software, Inc.]
  55.  
  56. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\
  57.  
  58. {29719B01-1E78-4989-A847-FE24ECE23992}
  59. -> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification
  60. \InProcServer32\(Default) = C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [/n software, Inc.]
  61.  
  62. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
  63.  
  64. {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
  65. -> {HKLM...CLSID} = (no title provided)
  66. \InProcServer32\(Default) = C:\Program Files\Windows Defender\ShellExt.dll [MS]
  67.  
  68. {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  69. -> {HKLM...CLSID} = DesktopContext Class
  70. \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]
  71.  
  72. {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  73. -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
  74. \InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation]
  75.  
  76. {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension
  77. -> {HKLM...CLSID} = NvAppShExt Class
  78. \InProcServer32\(Default) = C:\WINDOWS\system32\nv3dappshext.dll [NVIDIA Corporation]
  79.  
  80. {E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension
  81. -> {HKLM...CLSID} = OpenGLShExt Class
  82. \InProcServer32\(Default) = C:\WINDOWS\system32\nv3dappshext.dll [NVIDIA Corporation]
  83.  
  84. {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
  85. -> {HKLM...CLSID} = Icaros Thumbnail Provider
  86. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosThumbnailProvider.dll [Tabibito Technology]
  87.  
  88. {0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC} = Icaros Property Handler
  89. -> {HKLM...CLSID} = Icaros Property Handler
  90. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll [Tabibito Technology]
  91.  
  92. {AD392E40-428C-459F-961E-9B147782D099} = UltraISO
  93. -> {HKLM...CLSID} = UIContextMenu Class
  94. \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
  95.  
  96. {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
  97. -> {HKLM...CLSID} = OpenOffice Property Handler
  98. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll [Apache Software Foundation]
  99.  
  100. {29719B01-1E78-4989-A847-FE24ECE23992} = Virtual Storage Mount Notification
  101. -> {HKLM...CLSID} = Virtual Storage Mount Notification
  102. \InProcServer32\(Default) = C:\WINDOWS\system32\cbfsMntNtf6.dll [/n software, Inc.]
  103.  
  104. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
  105.  
  106. {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
  107. -> {HKLM...Wow...CLSID} = Icaros Thumbnail Provider
  108. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosThumbnailProvider.dll [Tabibito Technology]
  109.  
  110. {0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC} = Icaros Property Handler
  111. -> {HKLM...Wow...CLSID} = Icaros Property Handler
  112. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosPropertyHandler.dll [Tabibito Technology]
  113.  
  114. {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  115. -> {HKLM...Wow...CLSID} = WinRAR
  116. \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]
  117.  
  118. {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
  119. -> {HKLM...Wow...CLSID} = OpenOffice Property Handler
  120. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl.dll [Apache Software Foundation]
  121.  
  122. {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice Column Handler
  123. -> {HKLM...Wow...CLSID} = (no title provided)
  124. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  125.  
  126. {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice Infotip Handler
  127. -> {HKLM...Wow...CLSID} = (no title provided)
  128. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  129.  
  130. {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice Property Sheet Handler
  131. -> {HKLM...Wow...CLSID} = (no title provided)
  132. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  133.  
  134. {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice Thumbnail Viewer
  135. -> {HKLM...Wow...CLSID} = (no title provided)
  136. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  137.  
  138. {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  139. -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
  140. \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
  141.  
  142. {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  143. -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
  144. \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
  145.  
  146. {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  147. -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
  148. \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
  149.  
  150. {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  151. -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
  152. \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
  153.  
  154. {29719B01-1E78-4989-A847-FE24ECE23992} = Virtual Storage Mount Notification
  155. -> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification
  156. \InProcServer32\(Default) = C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [/n software, Inc.]
  157.  
  158. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
  159.  
  160. <<!>> {29719B01-1E78-4989-A847-FE24ECE23992} = Virtual Storage Mount Notification
  161. -> {HKLM...CLSID} = Virtual Storage Mount Notification
  162. \InProcServer32\(Default) = C:\WINDOWS\system32\cbfsMntNtf6.dll [/n software, Inc.]
  163.  
  164. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
  165.  
  166. <<!>> {29719B01-1E78-4989-A847-FE24ECE23992} = Virtual Storage Mount Notification
  167. -> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification
  168. \InProcServer32\(Default) = C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [/n software, Inc.]
  169.  
  170. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
  171.  
  172. EldosMountNotificator-cbfs6 = {29719B01-1E78-4989-A847-FE24ECE23992}
  173. -> {HKLM...CLSID} = Virtual Storage Mount Notification
  174. \InProcServer32\(Default) = C:\WINDOWS\system32\cbfsMntNtf6.dll [/n software, Inc.]
  175.  
  176. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
  177.  
  178. EldosMountNotificator-cbfs6 = {29719B01-1E78-4989-A847-FE24ECE23992}
  179. -> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification
  180. \InProcServer32\(Default) = C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [/n software, Inc.]
  181.  
  182. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
  183. <<!>> ("" [file not found]) Security Packages = ""
  184.  
  185. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
  186. {169EBF44-942F-4C43-87CE-13C93996EBBE}\DllName = AppManagementConfiguration.dll [MS]
  187. {2A8FDC61-2347-4C87-92F6-B05EB91A201A}\DllName = C:\Windows\System32\gpprefcl.dll [MS]
  188. {2BFCC077-22D2-48DE-BDE1-2F618D9B476D}\DllName = AppManagementConfiguration.dll [MS]
  189. {4B7C3B0F-E993-4E06-A241-3FBE06943684}\DllName = C:\Windows\System32\gpprefcl.dll [MS]
  190. {9650FDBC-053A-4715-AD14-FC2DC65E8330}\DllName = hvsigpext.dll [null data]
  191. {F312195E-3D9D-447A-A3F5-08DFFA24735E}\DllName = dggpext.dll [MS]
  192. {FC491EF1-C4AA-4CE1-B329-414B101DB823}\DllName = dggpext.dll [MS]
  193.  
  194. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
  195. {2A8FDC61-2347-4C87-92F6-B05EB91A201A}\DllName = C:\Windows\SysWOW64\gpprefcl.dll [MS]
  196. {4B7C3B0F-E993-4E06-A241-3FBE06943684}\DllName = C:\Windows\SysWOW64\gpprefcl.dll [MS]
  197.  
  198. HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
  199.  
  200. WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  201. -> {HKLM...CLSID} = WinRAR
  202. \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]
  203.  
  204. WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  205. -> {HKLM...Wow...CLSID} = WinRAR
  206. \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]
  207.  
  208. {73C0B1F1-F242-4213-944E-31584749AB2C}\(Default) = (no title provided)
  209. -> {HKLM...CLSID} = Immunet Protect Context Menu Handler
  210. \InProcServer32\(Default) = C:\Program Files\Immunet\6.0.6\dcm.dll [Immunet Corporation]
  211.  
  212. HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
  213.  
  214. AdAwareContextMenu\(Default) = {5B64240D-5B36-4B9F-A75F-4925B6A53D5B}
  215. -> {HKLM...CLSID} = AdAwareContextMenu Class
  216. \InProcServer32\(Default) = C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareShellExtension.dll [adaware]
  217.  
  218. HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
  219.  
  220. UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
  221. -> {HKLM...CLSID} = UIContextMenu Class
  222. \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
  223.  
  224. {73C0B1F1-F242-4213-944E-31584749AB2C}\(Default) = (no title provided)
  225. -> {HKLM...CLSID} = Immunet Protect Context Menu Handler
  226. \InProcServer32\(Default) = C:\Program Files\Immunet\6.0.6\dcm.dll [Immunet Corporation]
  227.  
  228. HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
  229.  
  230. NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  231. -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
  232. \InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation]
  233.  
  234. HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
  235.  
  236. {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler
  237. -> {HKLM...CLSID} = (no title provided)
  238. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation]
  239. -> {HKLM...Wow...CLSID} = (no title provided)
  240. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  241.  
  242. HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
  243.  
  244. PintoStartScreen\(Default) = {470C0EBD-5D73-4d58-9CED-E91E22E23282}
  245. -> {HKLM...CLSID} = Pin To Start Screen verb handler
  246. \InProcServer32\(Default) = C:\Windows\System32\appresolver.dll [MS]
  247. -> {HKLM...Wow...CLSID} = Pin To Start Screen verb handler
  248. \InProcServer32\(Default) = C:\Windows\SysWOW64\appresolver.dll [MS]
  249.  
  250. UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
  251. -> {HKLM...CLSID} = UIContextMenu Class
  252. \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
  253.  
  254. WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  255. -> {HKLM...CLSID} = WinRAR
  256. \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]
  257.  
  258. WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  259. -> {HKLM...Wow...CLSID} = WinRAR
  260. \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]
  261.  
  262. {73C0B1F1-F242-4213-944E-31584749AB2C}\(Default) = (no title provided)
  263. -> {HKLM...CLSID} = Immunet Protect Context Menu Handler
  264. \InProcServer32\(Default) = C:\Program Files\Immunet\6.0.6\dcm.dll [Immunet Corporation]
  265.  
  266. HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
  267.  
  268. WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  269. -> {HKLM...CLSID} = WinRAR
  270. \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]
  271.  
  272. WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  273. -> {HKLM...Wow...CLSID} = WinRAR
  274. \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]
  275.  
  276.  
  277. Group Policies {GPedit.msc branch and setting}:
  278. -----------------------------------------------
  279.  
  280. Note: detected settings may not have any effect.
  281.  
  282. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
  283.  
  284. NoRecentDocsHistory = (REG_DWORD) dword:0x00000000
  285. {unrecognized setting}
  286.  
  287. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
  288.  
  289. DSCAutomationHostEnabled = (REG_DWORD) dword:0x00000002
  290. {unrecognized setting}
  291.  
  292. EnableCursorSuppression = (REG_DWORD) dword:0x00000001
  293. {unrecognized setting}
  294.  
  295. PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
  296. {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  297. User Account Control: Switch to the secure desktop when prompting for elevation}
  298.  
  299.  
  300. Active Desktop and Wallpaper:
  301. -----------------------------
  302.  
  303. Active Desktop may be disabled at this entry:
  304. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
  305.  
  306. Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
  307. HKCU\Control Panel\Desktop\
  308. Wallpaper = C:\WINDOWS\web\wallpaper\Windows\img0.jpg
  309.  
  310.  
  311. Windows Portable Device AutoPlay Handlers
  312. -----------------------------------------
  313.  
  314. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
  315.  
  316. FindAppPlayDVDMovieOnArrival\
  317. Provider = @mferror.dll,-115
  318. InvokeProgID = FindApp.DVD
  319. InvokeVerb = play
  320. HKLM\SOFTWARE\Classes\FindApp.DVD\shell\play\command\(Default) = explorer "ms-windows-store://search/?query=DVD" [MS]
  321.  
  322. MPCPlayBluRayOnArrival\
  323. Provider = Media Player Classic
  324. InvokeProgID = MediaPlayerClassic.Autorun
  325. InvokeVerb = PlayBlurayMovie
  326. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]
  327.  
  328. MPCPlayCDAudioOnArrival\
  329. Provider = Media Player Classic
  330. InvokeProgID = MediaPlayerClassic.Autorun
  331. InvokeVerb = PlayCDAudio
  332. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 /cd [MPC-HC Team]
  333.  
  334. MPCPlayDVDMovieOnArrival\
  335. Provider = Media Player Classic
  336. InvokeProgID = MediaPlayerClassic.Autorun
  337. InvokeVerb = PlayDVDMovie
  338. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 /dvd [MPC-HC Team]
  339.  
  340. MPCPlayMusicFilesOnArrival\
  341. Provider = Media Player Classic
  342. InvokeProgID = MediaPlayerClassic.Autorun
  343. InvokeVerb = PlayMusicFiles
  344. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 [MPC-HC Team]
  345.  
  346. MPCPlayVideoFilesOnArrival\
  347. Provider = Media Player Classic
  348. InvokeProgID = MediaPlayerClassic.Autorun
  349. InvokeVerb = PlayVideoFiles
  350. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 [MPC-HC Team]
  351.  
  352. MSFhConfigBackup\
  353. Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100
  354. InvokeProgID = FHConfig.AutoPlayHandler
  355. InvokeVerb = config
  356. HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]
  357.  
  358. MSLiveShowPicturesOnArrival\
  359. Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
  360. InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
  361. InvokeVerb = open
  362. HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  363. -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
  364. \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
  365.  
  366. MSPlayCDAudioOnArrival\
  367. Provider = @wmploc.dll,-6502
  368. InvokeProgID = WMP.AudioCD
  369. InvokeVerb = play
  370. HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
  371.  
  372. MSPlayDVDMovieOnArrival\
  373. Provider = @wmploc.dll,-6502
  374. InvokeProgID = WMP.DVD
  375. InvokeVerb = play
  376. HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
  377.  
  378. MSPlaySuperVideoCDMovieOnArrival\
  379. Provider = @wmploc.dll,-6502
  380. InvokeProgID = WMP.VCD
  381. InvokeVerb = play
  382. HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
  383.  
  384. MSPlayVideoCDMovieOnArrival\
  385. Provider = @wmploc.dll,-6502
  386. InvokeProgID = WMP.VCD
  387. InvokeVerb = play
  388. HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
  389.  
  390. MSPromptEachTime\
  391. Provider = @C:\WINDOWS\system32\shell32.dll,-17411
  392. ProgID = Shell.Autoplay
  393. InitCmdLine = PromptEachTime
  394. HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  395. -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
  396. \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
  397.  
  398. MSPromptEachTimeNoContent\
  399. Provider = @C:\WINDOWS\system32\shell32.dll,-17411
  400. ProgID = Shell.Autoplay
  401. InitCmdLine = PromptEachTimeNoContent
  402. HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  403. -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
  404. \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
  405.  
  406. MSStorageSense\
  407. Provider = @C:\WINDOWS\System32\SettingsHandlers_StorageSense.dll,-100
  408. InvokeProgID = MSStorageSense
  409. InvokeVerb = open
  410. HKLM\SOFTWARE\Classes\MSStorageSense\shell\open\command\(Default) = explorer ms-settings:storagesense [MS]
  411.  
  412. MSWMPBurnCDOnArrival\
  413. Provider = @wmploc.dll,-6502
  414. InvokeProgID = WMP.BurnCD
  415. InvokeVerb = Burn
  416. HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
  417.  
  418.  
  419. Startup items in "bgrze" & "All Users" startup folders:
  420. -------------------------------------------------------
  421.  
  422. C:\Users\bgrze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
  423. <<!>> CurseClientStartup.ccip [null data]
  424. Twitch -> shortcut to: C:\Users\bgrze\AppData\Roaming\Twitch\Bin\Twitch.exe /startup [null data]
  425.  
  426.  
  427. Non-disabled Scheduled Tasks: {++}
  428. -----------------------------
  429.  
  430. C:\Windows\System32\Tasks
  431. Adobe Flash Player PPAPI Notifier -> launches: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe -check pepperplugin [Adobe Systems Incorporated]
  432. AdobeAAMUpdater-1.0-MicrosoftAccount-b.grzegorz90@gmail.com -> launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated]
  433. CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
  434. GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
  435. GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
  436. MurGeeAutoMouseMover -> launches: D:\PROGRA~1\AUTOMO~1\AUTOMO~1.EXE :silent :sccontrol [MurGee.com]
  437. NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log [NVIDIA Corporation]
  438. NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [NVIDIA Corporation]
  439. NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler [NVIDIA Corporation]
  440. NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [NVIDIA Corporation]
  441. NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [NVIDIA Corporation]
  442. NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [NVIDIA Corporation]
  443. NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon [NVIDIA Corporation]
  444. NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [NVIDIA Corporation]
  445. OneDrive Standalone Update Task-S-1-5-21-966451903-2946700475-3315859100-1001 -> launches: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MS]
  446. SystemMaintanceService -> (HIDDEN!) launches: C:\Users\bgrze\AppData\Roaming\Youtubers.Life.v1.0.4.Repack\rgnmo.exe /upgradeid=f561932c-0bef-41b9-9289-b7d5c099b86b [file not found]
  447. {62B2D9F5-0EB6-430D-957C-2EE0B59E3ABC} -> launches: C:\WINDOWS\system32\pcalua.exe -a C:\Users\bgrze\Desktop\xbox\Software\setupstb.exe -d C:\Users\bgrze\Desktop\xbox\Software [MS]
  448.  
  449. C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
  450. .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
  451. -> {HKLM...CLSID} = (no title provided)
  452. \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
  453. .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
  454. -> {HKLM...CLSID} = (no title provided)
  455. \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
  456.  
  457. C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
  458. AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}
  459. -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
  460. \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
  461. -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
  462. \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
  463.  
  464. C:\Windows\System32\Tasks\Microsoft\Windows\AppID
  465. EDP Policy Manager -> launches: {DECA92E0-AF85-439E-9204-86679978DA08}
  466. -> {HKLM...CLSID} = EDP Policy Manager Task Handler
  467. \InProcServer32\(Default) = C:\WINDOWS\System32\AppLockerCsp.dll [MS]
  468. SmartScreenSpecific -> launches: {9F2B0085-9218-42A1-88B0-9F0E65851666} [InProcServer32 entry not found]
  469.  
  470. C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
  471. Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattelrunner.exe [MS]
  472. ProgramDataUpdater -> launches: %windir%\system32\compattelrunner.exe -maintenance [MS]
  473. StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]
  474.  
  475. C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
  476. appuriverifierdaily -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
  477. appuriverifierinstall -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
  478. CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]
  479. DsSvcCleanup -> launches: %windir%\system32\dstokenclean.exe [MS]
  480.  
  481. C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
  482. Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
  483.  
  484. C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker
  485. BitLocker MDM policy Refresh -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  486. -> {HKLM...CLSID} = (no title provided)
  487. \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
  488.  
  489. C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
  490. UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
  491.  
  492. C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure
  493. BgTaskRegistrationMaintenanceTask -> launches: {E984D939-0E00-4DD9-AC3A-7ACA04745521} [InProcServer32 entry not found]
  494.  
  495. C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
  496. AikCertEnrollTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  497. -> {HKLM...CLSID} = NGC Pregeneration Task Handler
  498. \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
  499. CryptoPolicyTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  500. -> {HKLM...CLSID} = NGC Pregeneration Task Handler
  501. \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
  502. KeyPreGenTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  503. -> {HKLM...CLSID} = NGC Pregeneration Task Handler
  504. \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
  505. SystemTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  506. -> {HKLM...CLSID} = Certificate Services Client Task Handler
  507. \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  508. -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
  509. \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  510. UserTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  511. -> {HKLM...CLSID} = Certificate Services Client Task Handler
  512. \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  513. -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
  514. \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  515. UserTask-Roam -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  516. -> {HKLM...CLSID} = Certificate Services Client Task Handler
  517. \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  518. -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
  519. \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  520.  
  521. C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
  522. ProactiveScan -> launches: {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}
  523. -> {HKLM...CLSID} = Proactive Scan
  524. \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]
  525.  
  526. C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost
  527. CreateObjectTask -> (HIDDEN!) launches: {E4544ABA-62BF-4C54-AAB2-EC246342626C} [InProcServer32 entry not found]
  528.  
  529. C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
  530. Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
  531. KernelCeipTask -> (HIDDEN!) launches: {E7ED314F-2816-4C26-AEB5-54A34D02404C}
  532. -> {HKLM...CLSID} = KernelCeipCustomHandler
  533. \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS]
  534. UsbCeip -> (HIDDEN!) launches: {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
  535. -> {HKLM...CLSID} = UsbCeip
  536. \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
  537. -> {HKLM...Wow...CLSID} = UsbCeip
  538. \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
  539.  
  540. C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
  541. Data Integrity Scan -> launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  542. -> {HKLM...CLSID} = Data Integrity Scan
  543. \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
  544. Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  545. -> {HKLM...CLSID} = Data Integrity Scan
  546. \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
  547.  
  548. C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
  549. ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]
  550.  
  551. C:\Windows\System32\Tasks\Microsoft\Windows\Device Information
  552. Device -> launches: %windir%\system32\devicecensus.exe [MS]
  553.  
  554. C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
  555. Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
  556. -> {HKLM...CLSID} = DsmRefreshTask Class
  557. \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS]
  558.  
  559. C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient
  560. HandleCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  561. -> {HKLM...CLSID} = Device Directory Client Handler
  562. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  563. HandleWnsCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  564. -> {HKLM...CLSID} = Device Directory Client Handler
  565. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  566. LocateCommandUserSession -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  567. -> {HKLM...CLSID} = Device Directory Client Handler
  568. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  569. RegisterDeviceAccountChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  570. -> {HKLM...CLSID} = Device Directory Client Handler
  571. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  572. RegisterDeviceLocationRightsChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  573. -> {HKLM...CLSID} = Device Directory Client Handler
  574. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  575. RegisterDevicePeriodic24 -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  576. -> {HKLM...CLSID} = Device Directory Client Handler
  577. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  578. RegisterDevicePolicyChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  579. -> {HKLM...CLSID} = Device Directory Client Handler
  580. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  581. RegisterDeviceProtectionStateChanged -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  582. -> {HKLM...CLSID} = Device Directory Client Handler
  583. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  584. RegisterDeviceSettingChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  585. -> {HKLM...CLSID} = Device Directory Client Handler
  586. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  587. RegisterUserDevice -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  588. -> {HKLM...CLSID} = Device Directory Client Handler
  589. \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
  590.  
  591. C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
  592. Scheduled -> (HIDDEN!) launches: {C1F85EF8-BCC2-4606-BB39-70C523715EB3}
  593. -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
  594. \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS]
  595.  
  596. C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
  597. SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS]
  598.  
  599. C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
  600. Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS]
  601.  
  602. C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
  603. Diagnostics -> launches: %windir%\system32\disksnapshot.exe -z [MS]
  604. StorageSense -> launches: {AB2A519B-03B0-43CE-940A-A73DF850B49A}
  605. -> {HKLM...CLSID} = StorageUsage State Reporter Task Handler
  606. \InProcServer32\(Default) = C:\WINDOWS\system32\StorageUsage.dll [MS]
  607.  
  608. C:\Windows\System32\Tasks\Microsoft\Windows\DUSM
  609. dusmtask -> launches: %SystemRoot%\System32\dusmtask.exe [MS]
  610.  
  611. C:\Windows\System32\Tasks\Microsoft\Windows\EDP
  612. EDP App Launch Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  613. -> {HKLM...CLSID} = (no title provided)
  614. \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
  615. EDP Auth Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  616. -> {HKLM...CLSID} = (no title provided)
  617. \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
  618. EDP Inaccessible Credentials Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  619. -> {HKLM...CLSID} = (no title provided)
  620. \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
  621. StorageCardEncryption Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  622. -> {HKLM...CLSID} = (no title provided)
  623. \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
  624.  
  625. C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt
  626. MDMMaintenenceTask -> launches: %windir%\system32\MDMAgent.exe [MS]
  627.  
  628. C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails
  629. EnableErrorDetailsUpdate -> launches: {FE285C8C-5360-41C1-A700-045501C740DE} [InProcServer32 entry not found]
  630.  
  631. C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf
  632. DmClient -> launches: %windir%\system32\dmclient.exe [MS]
  633. DmClientOnScenarioDownload -> launches: %windir%\system32\dmclient.exe utcwnf [MS]
  634.  
  635. C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
  636. File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
  637. -> {HKLM...CLSID} = FhTaskHandler Class
  638. \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS]
  639.  
  640. C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller
  641. Installation -> launches: {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
  642. -> {HKLM...CLSID} = Language Components Installer
  643. \InProcServer32\(Default) = C:\Windows\System32\LanguageComponentsInstaller.dll [MS]
  644.  
  645. C:\Windows\System32\Tasks\Microsoft\Windows\License Manager
  646. TempSignedLicenseExchange -> (HIDDEN!) launches: {77646A68-AD14-4D53-897D-7BE4DDE5F929}
  647. -> {HKLM...CLSID} = TempSignedLicenseExchangeTask
  648. \InProcServer32\(Default) = C:\Windows\System32\TempSignedLicenseExchangeTask.dll [MS]
  649. -> {HKLM...Wow...CLSID} = TempSignedLicenseExchangeTask
  650. \InProcServer32\(Default) = C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll [MS]
  651.  
  652. C:\Windows\System32\Tasks\Microsoft\Windows\Location
  653. Notifications -> launches: %windir%\System32\LocationNotificationWindows.exe [MS]
  654. WindowsActionDialog -> launches: %windir%\System32\WindowsActionDialog.exe [MS]
  655.  
  656. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
  657. WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  658. -> {HKLM...CLSID} = WinSAT Task Manger Task
  659. \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
  660. -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
  661. \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
  662.  
  663. C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning
  664. Cellular -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask [MS]
  665. Logon -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask [MS]
  666.  
  667. C:\Windows\System32\Tasks\Microsoft\Windows\Maps
  668. MapsToastTask -> (HIDDEN!) launches: {9885AEF2-BD9F-41E0-B15E-B3141395E803}
  669. -> {HKLM...CLSID} = (no title provided)
  670. \InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
  671. -> {HKLM...Wow...CLSID} = (no title provided)
  672. \InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
  673. MapsUpdateTask -> launches: {B9033E87-33CF-4D77-BC9B-895AFBBA72E4}
  674. -> {HKLM...CLSID} = (no title provided)
  675. \InProcServer32\(Default) = C:\WINDOWS\System32\mapsupdatetask.dll [MS]
  676. -> {HKLM...Wow...CLSID} = (no title provided)
  677. \InProcServer32\(Default) = C:\WINDOWS\System32\mapsupdatetask.dll [MS]
  678.  
  679. C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
  680. ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
  681. -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
  682. \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
  683. RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
  684. -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
  685. \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
  686.  
  687. C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
  688. MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]
  689.  
  690. C:\Windows\System32\Tasks\Microsoft\Windows\MUI
  691. LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
  692.  
  693. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
  694. SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  695. -> {HKLM...CLSID} = Microsoft PlaySoundService Class
  696. \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
  697. -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
  698. \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
  699.  
  700. C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
  701. GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
  702.  
  703. C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc
  704. WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe nla [MS]
  705.  
  706. C:\Windows\System32\Tasks\Microsoft\Windows\PI
  707. Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  708. -> {HKLM...CLSID} = TPM Maintenance Task Handler
  709. \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
  710. Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  711. -> {HKLM...CLSID} = TPM Maintenance Task Handler
  712. \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
  713.  
  714. C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
  715. Device Install Group Policy -> (HIDDEN!) launches: {60400283-B242-4FA8-8C25-CAF695B88209}
  716. -> {HKLM...CLSID} = Device Installation Group Policy Task Handler
  717. \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
  718. Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6A1F-47B9-BD52-1D5F95D49C1B}
  719. -> {HKLM...CLSID} = Device Installation Reboot Dialog Task
  720. \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
  721. Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} [InProcServer32 entry not found]
  722. Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS]
  723.  
  724. C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
  725. AnalyzeSystem -> launches: {927EA2AF-1C54-43D5-825E-0074CE028EEE}
  726. -> {HKLM...CLSID} = (no title provided)
  727. \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS]
  728.  
  729. C:\Windows\System32\Tasks\Microsoft\Windows\Ras
  730. MobilityManager -> launches: {C463A0FC-794F-4FDF-9201-01938CEACAFA}
  731. -> {HKLM...CLSID} = RasMobilityManager
  732. \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS]
  733.  
  734. C:\Windows\System32\Tasks\Microsoft\Windows\Registry
  735. RegIdleBackup -> (HIDDEN!) launches: {CA767AA8-9157-4604-B64B-40747123D5F2}
  736. -> {HKLM...CLSID} = RegistryIdleBackupHandler
  737. \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS]
  738.  
  739. C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
  740. RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
  741.  
  742. C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools
  743. MRT_HB -> launches: C:\WINDOWS\system32\MRT.exe /EHB /Q [MS]
  744.  
  745. C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
  746. StartComponentCleanup -> launches: {752073A1-23F2-4396-85F0-8FDB879ED0ED} [InProcServer32 entry not found]
  747.  
  748. C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
  749. BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
  750. -> {HKLM...CLSID} = Delayed Background Upload Task Handler
  751. \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  752. -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
  753. \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  754. BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E}
  755. -> {HKLM...CLSID} = Backup Upload Task Handler
  756. \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  757. -> {HKLM...Wow...CLSID} = Backup Upload Task Handler
  758. \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  759. NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20}
  760. -> {HKLM...CLSID} = Network State Change Task Handler
  761. \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  762. -> {HKLM...Wow...CLSID} = Network State Change Task Handler
  763. \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  764.  
  765. C:\Windows\System32\Tasks\Microsoft\Windows\Shell
  766. CreateObjectTask -> (HIDDEN!) launches: {990A9F8F-301F-45F7-8D0E-68C5952DBA43}
  767. -> {HKLM...CLSID} = Shell Create Object Task Delegate
  768. \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
  769. -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
  770. \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
  771. FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS]
  772. FamilySafetyRefreshTask -> launches: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
  773. -> {HKLM...CLSID} = FamilySafetyRefreshTask
  774. \InProcServer32\(Default) = C:\WINDOWS\System32\WpcRefreshTask.dll [MS]
  775. IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
  776. -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
  777. \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
  778. -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
  779. \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
  780.  
  781. C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
  782. SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
  783. -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
  784. \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
  785. -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
  786. \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
  787.  
  788. C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
  789. SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS]
  790. SpaceManagerTask -> launches: %windir%\system32\spaceman.exe /Work [MS]
  791.  
  792. C:\Windows\System32\Tasks\Microsoft\Windows\Speech
  793. SpeechModelDownloadTask -> launches: %windir%\system32\speech_onecore\common\SpeechModelDownload.exe [MS]
  794.  
  795. C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management
  796. Storage Tiers Management Initialization -> launches: {5C9AB547-345D-4175-9AF6-65133463A100} [InProcServer32 entry not found]
  797.  
  798. C:\Windows\System32\Tasks\Microsoft\Windows\Subscription
  799. EnableLicenseAcquisition -> (HIDDEN!) launches: %SystemRoot%\system32\ClipRenew.exe -e [MS]
  800.  
  801. C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
  802. ResPriStaticDbSync -> launches: {297EE78C-BA95-4E94-81D3-D6E7F089C7B5}
  803. -> {HKLM...CLSID} = Reserved Priority Static Db Sync Task
  804. \InProcServer32\(Default) = C:\WINDOWS\system32\sysmain.dll [MS]
  805. WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]
  806.  
  807. C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
  808. SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]
  809.  
  810. C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
  811. Interactive -> (HIDDEN!) launches: {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
  812. -> {HKLM...CLSID} = RunTask
  813. \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
  814. -> {HKLM...Wow...CLSID} = RunTask
  815. \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
  816.  
  817. C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
  818. MsCtfMonitor -> (HIDDEN!) launches: {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}
  819. -> {HKLM...CLSID} = MsCtfMonitor task handler
  820. \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
  821. -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
  822. \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
  823.  
  824. C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
  825. ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
  826. -> {HKLM...CLSID} = Time Synchronization Task Handler
  827. \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS]
  828. SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
  829.  
  830. C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
  831. SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS]
  832.  
  833. C:\Windows\System32\Tasks\Microsoft\Windows\TPM
  834. Tpm-HASCertRetr -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  835. -> {HKLM...CLSID} = TPM Maintenance Task Handler
  836. \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
  837. Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  838. -> {HKLM...CLSID} = TPM Maintenance Task Handler
  839. \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
  840.  
  841. C:\Windows\System32\Tasks\Microsoft\Windows\UNP
  842. RunCampaignManager -> launches: %windir%\System32\UNP\UNPCampaignManager.exe [MS]
  843.  
  844. C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
  845. Refresh Settings -> launches: %systemroot%\system32\usoclient.exe RefreshSettings [MS]
  846. Schedule Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS]
  847. USO_UxBroker_Display -> launches: %systemroot%\system32\MusNotification.exe Display [MS]
  848. USO_UxBroker_ReadyToReboot -> launches: %systemroot%\system32\MusNotification.exe ReadyToReboot [MS]
  849.  
  850. C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
  851. UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
  852.  
  853. C:\Windows\System32\Tasks\Microsoft\Windows\WCM
  854. WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe [MS]
  855.  
  856. C:\Windows\System32\Tasks\Microsoft\Windows\WDI
  857. ResolutionHost -> (HIDDEN!) launches: {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}
  858. -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
  859. \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
  860. -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
  861. \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
  862.  
  863. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
  864. QueueReporting -> launches: %windir%\system32\wermgr.exe -upload [MS]
  865.  
  866. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
  867. BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
  868.  
  869. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
  870. UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
  871.  
  872. C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
  873. Automatic App Update -> launches: {A6BA00FE-40E8-477C-B713-C64A14F18ADB}
  874. -> {HKLM...CLSID} = (no title provided)
  875. \InProcServer32\(Default) = C:\Windows\System32\wuautoappupdate.dll [MS]
  876. Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS]
  877. sih -> (HIDDEN!) launches: %systemroot%\System32\sihclient.exe [MS]
  878. sihboot -> (HIDDEN!) launches: %systemroot%\System32\sihclient.exe /boot [MS]
  879.  
  880. C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
  881. CacheTask -> launches: {0358B920-0AC7-461F-98F4-58E32CD89148}
  882. -> {HKLM...CLSID} = Wininet Cache task object
  883. \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
  884. -> {HKLM...Wow...CLSID} = Wininet Cache task object
  885. \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
  886.  
  887. C:\Windows\System32\Tasks\Microsoft\Windows\WOF
  888. WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
  889. -> {HKLM...CLSID} = WOF Task Handler
  890. \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS]
  891. WIM-Hash-Validation -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
  892. -> {HKLM...CLSID} = WOF Task Handler
  893. \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS]
  894.  
  895. C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
  896. Work Folders Logon Synchronization -> launches: {97D47D56-3777-49FB-8E8F-90D7E30E1A1E}
  897. -> {HKLM...CLSID} = Work Folder Logon Trigger Class
  898. \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
  899. Work Folders Maintenance Work -> launches: {63260BCE-A3FB-4A34-AA51-D4D8E877B62B}
  900. -> {HKLM...CLSID} = Work Folder Maintenance Task Class
  901. \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
  902.  
  903. C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc
  904. NotificationTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe wwan [MS]
  905.  
  906. C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
  907. Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  908. -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
  909. \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
  910.  
  911. C:\Windows\System32\Tasks\Microsoft\XblGameSave
  912. XblGameSaveTask -> launches: %windir%\System32\XblGameSaveTask.exe standby [MS]
  913. XblGameSaveTaskLogon -> launches: %windir%\System32\XblGameSaveTask.exe logon [MS]
  914.  
  915.  
  916. Winsock2 Service Provider DLLs:
  917. -------------------------------
  918.  
  919. Namespace Service Providers
  920.  
  921. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  922. 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  923. 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  924. 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  925. 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  926. 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  927. 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  928. 000000000007\LibraryPath = %SystemRoot%\System32\wshbth.dll [MS]
  929.  
  930. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
  931. 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  932. 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  933. 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  934. 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  935. 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  936. 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  937. 000000000007\LibraryPath = %SystemRoot%\System32\wshbth.dll [MS]
  938.  
  939. Transport Service Providers
  940.  
  941. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  942. 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  943. %SystemRoot%\system32\mswsock.dll [MS], 01 - 13
  944.  
  945. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
  946. 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  947. %SystemRoot%\system32\mswsock.dll [MS], 01 - 13
  948.  
  949.  
  950. Running Services (Display Name, Service Name, Path {Service DLL}):
  951. ------------------------------------------------------------------
  952.  
  953. Chrome Remote Desktop Service, chromoting, "C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json" [Google Inc.]
  954. Immunet 6.0.6, ImmunetProtect_6.0.6, "C:\Program Files\Immunet\6.0.6\sfc.exe" [Cisco Systems, Inc.]
  955. NVIDIA Display Container LS, NVDisplay.ContainerLocalSystem, "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 [NVIDIA Corporation]
  956. NVIDIA LocalSystem Container, NvContainerLocalSystem, "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" [NVIDIA Corporation]
  957. NVIDIA Telemetry Container, NvTelemetryContainer, "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r [NVIDIA Corporation]
  958. Origin Web Helper Service, Origin Web Helper Service, "C:\Program Files (x86)\Origin\OriginWebHelperService.exe" [Electronic Arts]
  959. PnkBstrA, PnkBstrA, C:\WINDOWS\system32\PnkBstrA.exe [file not found]
  960. TokenBroker, TokenBroker, (null value) [file not found]
  961.  
  962.  
  963. Safe Mode Drivers & Services (subkey name, subkey default value):
  964. -----------------------------------------------------------------
  965.  
  966. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
  967.  
  968. <<!>> iai2c.sys, Driver
  969. <<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware
  970.  
  971. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
  972.  
  973. <<!>> NetSetupSvc, Service
  974. <<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware
  975.  
  976.  
  977. Print Monitors:
  978. ---------------
  979.  
  980. HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
  981. Appmon\Driver = AppMon.dll [MS]
  982. IppMon\Driver = IPPMon.dll [MS]
  983.  
  984.  
  985. ---------- (launch time: 2017-10-24 16:54:15)
  986. <<!>>: Suspicious data at a malware launch point.
  987.  
  988. + This report excludes default entries except where indicated.
  989. + To see *everywhere* the script checks and *everything* it finds,
  990. launch it from a command prompt or a shortcut with the -all parameter.
  991. + The search for DESKTOP.INI DLL launch points on all local fixed drives
  992. took 270 seconds.
  993. ---------- (total run time: 336 seconds)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!