"Silent Runners.vbs", revision 61,
Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"TOSHIBA Online Product Information" = "C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe" ["TOSHIBA"]
"Lingoes" = "C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize" ["Lingoes Project"]
"Google Update" = ""C:\Users\sama7\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"Badoo Desktop" = "C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe" ["Badoo"]
"Yontoo Desktop" = ""C:\Users\sama7\AppData\Roaming\Yontoo\YontooDesktop.exe"" [null data]
"Desk 365" = ""C:\Program Files\Desk 365\desk365.exe" /autorun" ["337 Technology Limited."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]
"cAudioFilterAgent" = "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" ["Conexant Systems, Inc."]
"TPwrMain" = "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
"SmoothView" = "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
"00TCrdMain" = "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"TosReelTimeMonitor" = "C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"TosNC" = "C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe"
"NBAgent" = ""c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart" ["Nero AG"]
"Microsoft Default Manager" = ""C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume" [MS]
"Toshiba TEMPRO" = "C:\Program Files\Toshiba TEMPRO\TemproTray.exe" [null data]
"TWebCamera" = ""C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"
"SmartFaceVWatcher" = "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe"
"TosSENotify" = "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
"TosVolRegulator" = "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" ["TOSHIBA Corporation"]
"Toshiba Registration" = "C:\Program Files\Toshiba\Registration\ToshibaReminder.exe" [null data]
"Babylon Client" = "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart" ["Babylon Ltd."]
"CanonMyPrinter" = "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" ["CANON INC."]
"CanonSolutionMenuEx" = "C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" ["CANON INC."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"" ["Kaspersky Lab ZAO"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"FromDocToPDF_65 Browser Plugin Loader" = "C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe" ["VER_COMPANY_NAME"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{11111111-1111-1111-1111-110011501160}\(Default) = "CrossriderApp0005060"
-> {HKLM...CLSID} = "Savings Sidekick"
\InProcServer32\(Default) = "C:\Program Files\Savings Sidekick\Savings Sidekick.dll" ["215 Apps"]
{18DBB6CE-3148-4FEC-B481-103CB3290427}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Speed Analysis 2"
\InProcServer32\(Default) = "C:\Program Files\Speed Analysis 2\ScriptHost.dll" ["SpeedAnalysis.com"]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{2EECD738-5844-4a99-B4B6-146BF802613B}\(Default) = "Babylon toolbar helper"
-> {HKLM...CLSID} = "Babylon toolbar helper"
\InProcServer32\(Default) = "C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll" ["Babylon BHO"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealNetworks Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll" ["RealDownloader"]
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = "ContentBlockerBrowserHelperObject"
-> {HKLM...CLSID} = "Content Blocker Plugin"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll" ["Kaspersky Lab ZAO"]
{73455575-E40C-433C-9784-C78DC7761455}\(Default) = "VirtualKeyboardBrowserHelperObject"
-> {HKLM...CLSID} = "Virtual Keyboard Plugin"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll" ["Kaspersky Lab ZAO"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = "Safe Money Plugin"
-> {HKLM...CLSID} = "Safe Money Plugin"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll" ["Kaspersky Lab ZAO"]
{a235e1e3-6296-4710-af39-104a7faa6c7c}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Toolbar BHO"
\InProcServer32\(Default) = "C:\PROGRA~1\FROMDO~2\bar\1.bin\65bar.dll" ["MindSpark"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."]
{B399EDE8-1525-458C-8DD9-31EADF632D06}\(Default) = "LyricsTube"
-> {HKLM...CLSID} = "LyricsTube"
\InProcServer32\(Default) = "C:\Program Files\LyricsTube\lrcstube.dll" ["Hansen & Destar Apps"]
{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\(Default) = "delta Helper Object"
-> {HKLM...CLSID} = "delta Helper Object"
\InProcServer32\(Default) = "C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll" ["Delta-search.com"]
{d0230100-3044-43b1-a44e-70dc12fd418c}\(Default) = "eType Toolbar"
-> {HKLM...CLSID} = "eType Toolbar"
\InProcServer32\(Default) = "C:\Program Files\etype\file2linktemplateX.dll" [null data]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = "link filter bho"
-> {HKLM...CLSID} = "URL Advisor Plugin"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll" ["Kaspersky Lab ZAO"]
{EEE6C35C-6118-11DC-9C72-001320C79847}\(Default) = "SWEETIE"
-> {HKLM...CLSID} = "SweetPacks Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
{f236ca79-3123-4afb-9f74-e98117ad5625}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Search Assistant BHO"
\InProcServer32\(Default) = "C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll" ["MindSpark"]
{F3C88694-EFFA-4d78-B409-54B7B2535B14}\(Default) = (no title provided)
-> {HKLM...CLSID} = "TOSHIBA Media Controller Plug-in"
\InProcServer32\(Default) = "C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll" ["<TOSHIBA>"]
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\(Default) = "Yontoo Layers"
-> {HKLM...CLSID} = "Yontoo"
\InProcServer32\(Default) = "C:\Program Files\Yontoo\YontooIEClient.dll" ["Yontoo LLC"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics Incorporated"]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "c:\program files\real\realplayer\rpshell.dll" ["RealNetworks, Inc."]
"{dd230880-495a-11d1-b064-008048ec2fc5}" = "Scan with Kaspersky Anti-Virus"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll " ["PerformerSoft LLC"]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{B65F237C-AAFF-4df7-8872-91B65663E41F}\(Default) = "SmartFaceVCP"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCP.dll" ["TOSHIBA Corporation"]
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"
-> {HKLM...CLSID} = "WLIDCredentialProvider"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [file not found]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"
-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]
<<!>> wlpg\CLSID = "{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}"
-> {HKLM...CLSID} = "Album Download IE Asynchronous Pluggable Protocol Interface"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll" [MS]
<<!>> x-excid\CLSID = "{9D6CC632-1337-4a33-9214-2DA092E776F4}"
-> {HKLM...CLSID} = "DB2XMLPlugProt Class"
\InProcServer32\(Default) = "C:\Windows\Downloaded Program Files\mimectl.dll" [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
{919E454D-BA29-4923-A9FE-692457764B18}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
NBShellHook\(Default) = "{919E454D-BA29-4923-A9FE-692457764B18}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
{919E454D-BA29-4923-A9FE-692457764B18}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
NBShellHook\(Default) = "{919E454D-BA29-4923-A9FE-692457764B18}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBShell.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\sama7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
CanonMPNEX40PictureOnArrival\
"Provider" = "MP Navigator EX Ver4.0"
"InvokeProgID" = "MPNavigatorEX40.AutoplayHandler"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\MPNavigatorEX40.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator EX 4.0\mpnex40.exe /AUTOPLAY %1" [file not found]
iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]
iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]
iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]
iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]
MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]
MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
-> {HKLM...CLSID} = "WLXWEventHandler Class"
\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]
NeroAutoPlay9CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "c:\Program Files\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD" ["Nero AG"]
NeroAutoPlay9CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay9"
"InvokeVerb" = "CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay9\shell\CopyCD\command\(Default) = "c:\Program Files\Nero\Nero BackItUp & Burn\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy" ["Nero AG"]
NeroAutoPlay9DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay9"
"InvokeVerb" = "DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay9\shell\DataDisc\command\(Default) = "c:\Program Files\Nero\Nero BackItUp & Burn\Nero Express\NeroExpress.exe -w /New:ISODisc" ["Nero AG"]
NeroAutoPlay9LaunchNE\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay9"
"InvokeVerb" = "LanchNE"
HKLM\SOFTWARE\Classes\Nero.AutoPlay9\shell\LanchNE\command\(Default) = "c:\Program Files\Nero\Nero BackItUp & Burn\Nero Express\NeroExpress.exe" ["Nero AG"]
NeroAutoPlay9LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "c:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]
RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]
RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""c:\program files\real\realplayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]
RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]
RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]
RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]
RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]
TosDVDPlayHandler\
"Provider" = "TOSHIBA DVD PLAYER"
"InvokeProgID" = "TosDvdPlayer"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\TosDvdPlayer\shell\play\command\(Default) = ""C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TosHDDVD.exe"" ["TOSHIBA Corporation"]
WIA_{DFFA8C4F-AD63-4CA0-89DF-F71FEC900D1D}\
"Provider" = "WinZip"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\WinZip\WINZIP32.EXE /wia;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]
WIA_{E18BB3B7-16D8-46A4-BAF8-3151C65FF3AB}\
"Provider" = "MP Navigator EX Ver4.0"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Canon\MP Navigator EX 4.0\mpnex40.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]
Startup items in "sama7" & "All Users" startup folders:
-------------------------------------------------------
C:\Users\sama7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"OneNote 2007 Screen Clipper and Launcher" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]
"TRDCReminder" -> shortcut to: "C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe" ["TOSHIBA Europe"]
Windows Sidebar Gadgets:
------------------------
C:\Users\sama7\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CKaspersky13.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget"
Non-disabled Scheduled Tasks:
-----------------------------
C:\Windows\System32\Tasks
"Adobe Flash Player Updater" -> launches: "C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" ["Adobe Systems Incorporated"]
"Adobe online update program" -> launches: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [file not found]
"AmiUpdXp" -> launches: "C:\Users\sama7\AppData\Local\SwvUpdater\Updater.exe" ["Amonetize ltd."]
"CCleanerSkipUAC" -> launches: ""C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)" ["Piriform Ltd"]
"ConfigFree Startup Programs" -> launches: "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" ["TOSHIBA CORPORATION"]
"DealPly" -> launches: "C:\Users\sama7\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE /Check" [null data]
"Desk 365 RunAsStdUser" -> launches: "C:\Program Files\Desk 365\desk365.exe /autorun" ["337 Technology Limited."]
"GoforFilesUpdate" -> launches: "C:\Program Files\GoforFiles\GFFUpdater.exe" [file not found]
"Google Updater and Installer" -> launches: "C:\Users\sama7\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-3522845029-2519291586-37702198-1001Core" -> launches: "C:\Users\sama7\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-3522845029-2519291586-37702198-1001UA" -> launches: "C:\Users\sama7\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"Java Update Scheduler" -> launches: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [file not found]
"Real Player online update program" -> launches: "c:\program files\real\realplayer\Update\realsched.exe -osboot" ["RealNetworks, Inc."]
"RealDownloaderDownloaderScheduledTaskS-1-5-21-3522845029-2519291586-37702198-1001" -> launches: "C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent" ["RealNetworks, Inc."]
"RealDownloaderRealUpgradeLogonTaskS-1-5-21-3522845029-2519291586-37702198-1001" -> launches: "C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3522845029-2519291586-37702198-1001" -> launches: "C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"RealPlayerRealUpgradeLogonTaskS-1-5-21-3522845029-2519291586-37702198-1001" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealPlayerRealUpgradeScheduledTaskS-1-5-21-3522845029-2519291586-37702198-1001" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"RealUpgradeLogonTaskS-1-5-21-3522845029-2519291586-37702198-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeLogonTaskS-1-5-21-3522845029-2519291586-37702198-1001" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-3522845029-2519291586-37702198-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-3522845029-2519291586-37702198-1001" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"SidebarExecute" -> launches: "C:\Program Files\Windows Sidebar\sidebar.exe" [MS]
"SmartDefrag_Startup" -> launches: "C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe /STARTUP" ["IObit"]
"User_Feed_Synchronization-{2948F5A3-F23B-48D3-BDD7-27535D4A8AE1}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"User_Feed_Synchronization-{5C4DA161-0655-4E80-BB85-679429A4879B}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"{18E3F230-856F-48C0-A520-513D27E4A5FE}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe"" [MS]
"{49A52170-E736-4263-9E20-EE64499F4A90}" -> launches: ""c:\program files\internet explorer\iexplore.exe"
" [MS]
"{573FC55B-6893-44B8-95A0-F2BAF00D036C}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Mobily Connect Card\uninst.exe"" [MS]
"{5ECC7D53-E649-4981-956A-8CCB9C480DE0}" -> launches: "C:\Windows\system32\pcalua.exe -a "E:\Driver\USB 2.0 TO HDMI\Windows 2000\DisplayLink-5.3.25973.exe" -d "E:\Driver\USB 2.0 TO HDMI\Windows 2000"" [MS]
"{64B7AB0D-D27B-469E-BD22-C9258353B84B}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Mobile Broadband\uninst.exe"" [MS]
"{90DB1FEC-1CAC-4824-8DB9-35757CE5E209}" -> launches: ""c:\program files\internet explorer\iexplore.exe"
" [MS]
"{9F73895E-0F0F-40E1-8198-EBB0F19D2303}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\sama7\Desktop\vcs_diamond_aff.exe -d C:\Users\sama7\Desktop" [MS]
"{BC2D4D43-F4C9-478F-BC11-BAB4771205CB}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}\setup.exe" -c -runfromtemp -l0x0009 -removeonly" [MS]
"{C0306F4B-487C-4F51-A93D-6018039E9410}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\تعاريف\Win7Vista_151719.exe -d C:\Users\sama7\Desktop" [MS]
C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
C:\Windows\System32\Tasks\Games
"UpdateCheck_S-1-5-21-3522845029-2519291586-37702198-1000" -> (HIDDEN!) launches: "{CA22F5B1-E06F-4A2B-94FC-21E87FE53781}"
-> {HKLM...CLSID} = "GameUpdateTask Class"
\InProcServer32\(Default) = "C:\Windows\System32\gameux.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
-> {HKLM...CLSID} = "WinSAT Task Manger Task"
\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"AutomaticBackup" -> launches: "%systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup" [MS]
"Windows Backup Monitor" -> launches: "%systemroot%\system32\sdclt.exe /CHECKSKIPPED" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
"Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"
-> {HKLM...CLSID} = "Windows Live Social Object Extractor Engine Definition Updater"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\SOXE\wlsoxe.dll" [MS]
C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-3522845029-2519291586-37702198-1001" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000007\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000008\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000009\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 36
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"
-> {HKLM...CLSID} = "SweetPacks Toolbar for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EEE6C35B-6118-11DC-9C72-001320C79847}" = (no title provided)
-> {HKLM...CLSID} = "SweetPacks Toolbar for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
"{D0230100-3044-43B1-A44E-70DC12FD418C}" = "eType Toolbar"
-> {HKLM...CLSID} = "eType Toolbar"
\InProcServer32\(Default) = "C:\Program Files\etype\file2linktemplateX.dll" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."]
"{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}" = (no title provided)
-> {HKLM...CLSID} = "FromDocToPDF"
\InProcServer32\(Default) = "C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll" ["MindSpark"]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}" = "Delta Toolbar"
-> {HKLM...CLSID} = "Delta Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll" ["Delta-search.com"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{4c60e5ab-5c68-4c59-abaa-885010b24b32}" = (no title provided)
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll" ["MindSpark"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
BrowserProtect, BrowserProtect, "C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" ["PerformerSoft LLC"]
Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, "C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE" [null data]
ConfigFree Service, ConfigFree Service, ""C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"" ["TOSHIBA CORPORATION"]
ConfigFree WiMAX Service, cfWiMAXService, ""C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe"" ["TOSHIBA CORPORATION"]
Desk 365 service, desksvc, "C:\Program Files\Desk 365\deskSvc.exe" ["337 Technology Limited."]
eSafe Service, eSafeSvc, "C:\ProgramData\eSafe\eGdpSvc.exe" ["eSafe Security Co., Ltd."]
FromDocToPDFService, FromDocToPDF_65Service, "C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe" ["COMPANYVERS_NAME"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Kaspersky Anti-Virus Service, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" -r" ["Kaspersky Lab ZAO"]
Nero BackItUp Scheduler 4.0, Nero BackItUp Scheduler 4.0, "c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe" ["Nero AG"]
PandoraService, PanService, "C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" ["Pandora.TV"]
RealNetworks Downloader Resolver Service, RealNetworks Downloader Resolver Service, ""C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe"" [null data]
TOSHIBA HDD SSD Alert Service, TOSHIBA HDD SSD Alert Service, ""C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"" ["TOSHIBA Corporation"]
TOSHIBA Optical Disc Drive Service, TODDSrv, "C:\Windows\system32\TODDSrv.exe" ["TOSHIBA Corporation"]
TOSHIBA Power Saver, TosCoSrv, ""C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"" ["TOSHIBA Corporation"]
Updater Service, IBUpdaterService, ""C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE" [empty string]
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
Yontoo Desktop Updater, Yontoo Desktop Updater, ""C:\Program Files\Yontoo\Y2Desktop.Updater.exe" "C:\Users\sama7\AppData\Roaming\Yontoo\YontooDesktop.exe"" [null data]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> MCODS, (null value)
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> MCODS, (null value)
Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "klkbdflt" ["Kaspersky Lab"],<<!>> "kbdclass" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MG5200 series\Driver = "CNMLMAE.DLL" ["CANON INC."]
Canon BJNP Port\Driver = "CNMNPPM.DLL" ["CANON INC."]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]
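---------- (launch time: 2013-05-08 19:59:57)
<<!>>: Suspicious data at a malware launch point. The flag marks an entry for review, not a confirmed infection: in this report it also appears on the "klkbdflt" ["Kaspersky Lab"] and "kbdclass" [MS] keyboard filters.
<<H>>: Suspicious data at a browser hijack point.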
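+ This report excludes default entries except where indicated.
+ The bracketed name after each path appears to be the company string the file declares about itself, not a verified signature (one service above reports "COMPANYVERS_NAME"), so it should not be read as proof of origin.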
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 60 seconds, including 18 seconds for message boxes)